谷歌公佈Windows漏洞招致微軟譴責

Microsoft on Tuesday warned that a group of hackers linked to attacks on the Democratic National Committee had exploited a vulnerability in all Windows PCs that it would not be able to fully mend for another week.

週二，微軟(Microsoft)警告稱，一羣與美國民主黨全國委員會(Democratic National Committee)受到的攻擊有關的黑客，已對所有Windows系統個人電腦上的一個漏洞加以利用，而該漏洞還需要一週時間才能被完全修補。

The flaw was disclosed publicly on Monday by Google,

該漏洞是週一由谷歌(Google)公開披露的。

provoking a sharp rebuke from Microsoft about the dangers of revealing flaws like this before fixes are available.

谷歌此舉引發了微軟的強烈譴責，後者稱在發佈補丁前就披露這樣的漏洞很危險。

Microsoft said the software flaw had been used by a group it calls Strontium, and which is known more widely as Fancy Bear.

微軟表示，這一軟件漏洞已被一家它稱爲鍶(Strontium)的組織利用。該組織更爲人熟知的名字是Fancy Bear，迄今已運作了將近十年。

The group, which has been operating for nearly a decade, has been linked by security researchers to the Russian military and has been tied to a number of attacks on government, military and corporate systems.

安全研究人員認爲，該組織與俄羅斯軍方有關聯。人們還認爲，該組織與多起對政府、軍方和企業系統的網絡攻擊有關，其中包括今年對美國民主黨全國委員會的一次攻擊。

These include an assault on the DNC this year that is believed to have led to subsequent email leaks that have embarrassed the Democratic party in the run-up to the presidential election.

這次攻擊據信導致了隨後的電子郵件外泄，令民主黨(Democratic Party)在美國總統大選前夕狼狽不堪。

The flaw was uncovered by two security researchers at Google and notified to Microsoft on October 21.

該漏洞由谷歌的兩名安全研究人員發現，谷歌在10月21日通知了微軟。

On Monday, when the software company had still not released a patch to repair its Windows operating system from attack, Google publicly announced the vulnerability.

週一，在微軟還未發佈補丁修補其Windows操作系統以防範這一攻擊之際，谷歌就公開宣佈了這一漏洞。

Terry Myerson, head of the Windows business, hit out at the internet company on Tuesday afternoon, suggesting that it had not shown responsible technology industry participation.

週二下午，微軟Windows業務主管特里.邁爾森(Terry Myerson)對谷歌發起猛烈抨擊，稱谷歌未表現出負責任的科技業參與意識。

Disclosing a so-called zero-day exploit before it has been repaired alerts other hackers to the flaw and can lead to more attacks on Windows PCs.

在一個所謂的零日漏洞被修補前就披露它，會提醒其他黑客注意該漏洞，這可能會引發對Windows系統個人電腦的更多攻擊。

Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk, Mr Myerson wrote in a blog post.

邁爾森在一篇博客文章中寫道：谷歌決定在補丁被廣泛提供和測試前就披露這些漏洞，這令人失望，會將用戶置於更大的風險之中。

Google defended its actions on Monday, saying it always published details of critical vulnerabilities seven days after it warns other software companies about them so that computer users will be aware of the danger.

谷歌則爲其週一採取的行動進行了辯護，稱它總是會在就關鍵漏洞向其他軟件公司發出警告的七日後公佈這些漏洞的細節，以便讓電腦用戶能夠意識到其中的風險。

It said it had also warned Adobe about a flaw in its own Flash software which, used together with the Windows vulnerability, had enabled hackers to exploit machines.

谷歌表示，該公司還曾就Adobe Flash軟件中的一個漏洞向Adobe發出警告。該漏洞與Windows的那個漏洞結合起來，令黑客得以攻陷電腦。

Adobe released a patch for its own product last Wednesday, less than a week after being warned about it.

Adobe在上週三發佈了對其自身產品漏洞的補丁，距該公司接到谷歌警告還不到一週時間。

Anyone using Microsoft’s new Edge browser, which is included in Windows 10, should be protected, the company said.

微軟表示，任何使用微軟新的Edge瀏覽器（該瀏覽器被包含在Windows 10系統中）的用戶應該不會受到攻擊。

But other versions of Windows will be exposed until at least November 8, the date when Microsoft said it planned to release a patch to solve the problem.

不過，其他版本的Windows至少在11月8日前會面臨受攻擊的風險。微軟表示，它計劃在11月8日發佈補丁解決這個問題。