You mean like it basically says right in the beginning of the post? ;)
"Earlier today this entry from yesterday at Wepawet (an online analysis engine for malware) was pointed out to H.D. Moore, and within hours Metasploit has an exploit of the vulnerability integrated. McAfee has confirmed that the exploit is out and the same one they saw during the investigation"
Source: http://praetorianprefect.com/archives/2010/01/the-aurora-ie-...
On your second item, here's what McAfee has stated:
"Computer code that exploits the yet-to-be-patched Internet Explorer vulnerability used in Operation Aurora to attack Google and others in December has now been published on the Internet."
Source: http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploi...
