Internet Explorer Aurora Exploit in the Wild


I’m happy to note that according to Google Analytics only 28% of you are using Internet Explorer. My hat’s off to 72% of you. If you are in that other 28%, however, then unless you like having your personal data compromised or want to feel the thrill of having your PC ride in a botnet herd, use IE only to download Chrome or Firefox or Opera or Safari or whatever, and don’t open it again until Microsoft gets out a patch for the Aurora exploit.

If you’ve read the hubbub about China hacking into Google to go after dissidents and others in recent days, you may have heard that IE was a primary attack vector. The exploit is now in the wild and was added to Metasploit, an open source security testing framework that is a ton of fun to play with at wifi hotspots (so I’ve heard) but can otherwise be used to ruin your whole day. This video should send chills down your spine:

No social engineering hacks required. Just clicking on a link can compromise your system. Reports are indicating that all versions of IE, 6 to 8, are affected.

If you think I’m overreacting or that my anti-Microsoft bias is shining through, note that Germany has recommended everyone stop using Internet Explorer immediately, and over 20 other tech companies have been hacked. Right now there is no patch from Microsoft.

Hopefully by the time you read this Microsoft will have a patch out, but if that isn’t the case, don’t click on the big blue E unless it’s to download a different browser.

*Edit: France has now joined Germany in advising its people to stop using Internet Explorer until there’s a fix.