Aurora was notable because of its targets: Hackers broke into Google's network, and those of other Western companies, in late 2009 and early 2010 by exploiting a zero-day bug in IE6. Google accused Chinese hackers of the attacks, a charge that prompted the search giant to threaten a shutdown of its Chinese operations.
Because IE10 was not affected by the recent zero-day vulnerability, Storms suspected that Microsoft may have known of the flaw before it publicly surfaced. That would go a long ways in explaining the speed with which it fixed the bug.
"On one hand, it may show just what they can do in a limited time after saying they had increased resources of the IE security team," said Storms of the Microsoft announcement in July. "Or, since we know it was fixed in IE10, they may have had the background work already done [on other editions]. Unless they come out and tell us, though, we'll never know [which is accurate]."
Windows users can obtain MS12-063 via the Microsoft Update and Windows Update services, as well as through the enterprise-grade WSUS (Windows Server Update Services).
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+, or subscribe to Gregg's RSS feed. His e-mail address is firstname.lastname@example.org. See more articles by Gregg Keizer.
Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.