Now you too can mount your own Operation Aurora Attacks!!!

But don’t.  Please don’t!…      just….       don’t!…

Instead, why don’t you apply the out-of-band patch ( MS10-002 ) that Microsoft has just released…?!!!

Patching remote-code-execution vulnerabilities is usually “a good idea” to say the least.  But, considering that:

Microsoft rushed to get this patch out…… ( Thank you Microsoft! )

And that, this patch addresses several Internet Explorer vulnerabilities – of which includes CVE-2010-0249 – the infamousAurora attacks” related vulnerability that’s well known to be making the rounds in the wild.

Annnnd that, the Metasploit framework has released an update that can generate attacks based on this….. Which means that every script-kiddy / pentester / disgruntled-monkey-with-a-laptop can mount their own little mini operation Aurora-like attacks.


Annnnnnd that, Microsoft has posted an advisory about an unpatched elevation of privilege attack that affects most Windows NT platforms ( from Windows NT 3.1 to, and including, Windows 7 ) – which there is proof-of-concept code now publicly available for…..

One, probably ought to apply this patch as soon as possible.

For more information on the recent Microsoft Security Update or Advisory, see the latest SophosLabs vulnerability analysis here.