Industry News     |      2021-01-16 00:21


Microsoft on Tuesday warned that a group of hackers linked to attacks on the Democratic National Committee had exploited a vulnerability in all Windows PCs that it would not be able to fully mend for another week. The flaw was disclosed publicly on Monday by Google, provoking a sharp rebuke from Microsoft about the dangers of revealing flaws like this before fixes are available.

Microsoft said the software flaw had been used by a group it calls Strontium, and which is known more widely as Fancy Bear.

The group, which has been operating for nearly a decade, has been linked by security researchers to the Russian military and has been tied to a number of attacks on government, military and corporate systems. These include an assault on the DNC this year that is believed to have led to subsequent email leaks that have embarrassed the Democratic party in the run-up to the presidential election.

The flaw was uncovered by two security researchers at Google and reported to Microsoft on October 21. On Monday, when the software company had still not released a patch to protect its Windows operating system from attack, Google publicly announced the vulnerability. Terry Myerson, head of the Windows business, hit out at the internet company on Tuesday afternoon, suggesting that it had not shown responsible technology industry participation.


Disclosing a so-called zero-day exploit before it has been repaired alerts other hackers to the flaw and can lead to more attacks on Windows PCs. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Mr Myerson wrote in a blog post.

Google defended its actions on Monday, saying it always published details of critical vulnerabilities seven days after it warns other software companies about them so that computer users will be aware of the danger. It said it had also warned Adobe about a flaw in its own Flash software which, used together with the Windows vulnerability, had enabled hackers to exploit machines.

Adobe released a patch for its own product last Wednesday, less than a week after being warned about it. Anyone using Microsoft’s new Edge browser, which is included in Windows 10, should be protected, the company said. But other versions of Windows will be exposed until at least November 8, the date when Microsoft said it planned to release a patch to solve the problem.