Aurora – IE 0-day vulnerability

by: Zarex dela Cruz, CISSP, CISA on Wednesday, January 20, 2010 1:20 PM


Aurora Borealis or the Northern Light is a jaw-dropping awe vista to witness. I have not witnessed one but it’s one of my dreams. While we know the beauty of it, there is another and different aurora (not borealis) that is not to be messed with.

Operation Aurora, the name McAfee gave to the attacks built on the very recent Microsoft Internet Explorer zero-day vulnerability, is a “coordinated attack which included a piece of computer code that exploits a vulnerability in Internet Explorer to gain access to computer systems.” It was used against Google and some 30 other companies, as previously reported. Last Friday, George Kurtz, McAfee’s CTO, wrote in his security blog that the Aurora exploit used to attack Google in December is now public.

Any zero-day vulnerability is always a bad thing. Two weeks ago, one of my older computers crashed and, for all I know, it could have been caused by this same exploit. While this vulnerability has been known for a while now, Microsoft has yet to release an official patch.

The bad thing is, there are third-party patches out there that provide a temporary fix for this vulnerability. I would not really recommend installing these third-party patches, since we don’t know what their ill effects will be in the long run. The good news is, Microsoft is going to release a patch tomorrow, January 21st. Read Microsoft’s Bulletin.

To learn more about Operation Aurora from McAfee, watch the video from George Kurtz and the McAfee team here.

On the other side, I believe this same vulnerability is what Symantec calls Hydraq.

Hydraq is a targeted attack. Through the exploitation of a vulnerability, it attempts to install a trojan on a specific computer that steals information from that machine. The trojan attempts to make contact with command and control servers in order to receive instructions and to upload any information that it may have collected. This type of attack is often called an advanced persistent threat because of the sophistication and persistence of the attack within a business.

What I like about the page Symantec provides is that it outlines three important things you can do to protect yourself, which is really what I wanted to convey to everyone: not only home users, but also helpdesk support and even the security professionals in their workplace.

    • Stay up-to-date with security patches. A zero-day vulnerability like this can wreak havoc and, even worse, cost you your important data. So make sure that your OS, applications, and antivirus are all up-to-date. It’s a must.
    • Complete security solution. Having antivirus, a firewall, and even host intrusion detection software will spot these from the very beginning. Again, updated definitions or DAT files are as important as the software itself. Even if you have antivirus installed, it is useless if the signature definitions are outdated. Get them updated.
    • User awareness. This is one of the keys. Understanding even the basics of security, and how important it is, will give you an advantage. I like saying this a lot: “security is nothing until your computer is hacked and you lost all your data, then security is everything”.
