谷歌公布Windows漏洞招致微软谴责

Microsoft on Tuesday warned that a group of hackers linked to attacks on the Democratic National Committee had exploited a vulnerability in all Windows PCs that it would not be able to fully mend for another week.

周二，微软(Microsoft)警告称，一群与美国民主党全国委员会(Democratic National Committee)受到的攻击有关的黑客，已对所有Windows系统个人电脑上的一个漏洞加以利用，而该漏洞还需要一周时间才能被完全修补。

The flaw was disclosed publicly on Monday by Google, provoking a sharp rebuke from Microsoft about the dangers of revealing flaws like this before fixes are available.

该漏洞是周一由谷歌(Google)公开披露的。谷歌此举引发了微软的强烈谴责，后者称在发布补丁前就披露这样的漏洞很危险。

Microsoft said the software flaw had been used by a group it calls Strontium, and which is known more widely as Fancy Bear. The group, which has been operating for nearly a decade, has been linked by security researchers to the Russian military and has been tied to a number of attacks on government, military and corporate systems. These include an assault on the DNC this year that is believed to have led to subsequent email leaks that have embarrassed the Democratic party in the run-up to the presidential election.

微软表示，这一软件漏洞已被一家它称为“锶”(Strontium)的组织利用。该组织更为人熟知的名字是Fancy Bear，迄今已运作了将近十年。安全研究人员认为，该组织与俄罗斯军方有关联。人们还认为，该组织与多起对政府、军方和企业系统的网络攻击有关，其中包括今年对美国民主党全国委员会的一次攻击。这次攻击据信导致了随后的电子邮件外泄，令民主党(Democratic Party)在美国总统大选前夕狼狈不堪。

The flaw was uncovered by two security researchers at Google and notified to Microsoft on October 21. On Monday, when the software company had still not released a “patch” to repair its Windows operating system from attack, Google publicly announced the vulnerability.

该漏洞由谷歌的两名安全研究人员发现，谷歌在10月21日通知了微软。周一，在微软还未发布“补丁”修补其Windows操作系统以防范这一攻击之际，谷歌就公开宣布了这一漏洞。

Terry Myerson, head of the Windows business, hit out at the internet company on Tuesday afternoon, suggesting that it had not shown “responsible technology industry participation”. Disclosing a so-called “zero-day” exploit before it has been repaired alerts other hackers to the flaw and can lead to more attacks on Windows PCs.

周二下午，微软Windows业务主管特里•迈尔森(Terry Myerson)对谷歌发起猛烈抨击，称谷歌未表现出“负责任的科技业参与意识”。在一个所谓的“零日”漏洞被修补前就披露它，会提醒其他黑客注意该漏洞，这可能会引发对Windows系统个人电脑的更多攻击。

“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Mr Myerson wrote in a blog post.

迈尔森在一篇博客文章中写道：“谷歌决定在补丁被广泛提供和测试前就披露这些漏洞，这令人失望，会将用户置于更大的风险之中。”

Google defended its actions on Monday, saying it always published details of “critical vulnerabilities” seven days after it warns other software companies about them so that computer users will be aware of the danger.

谷歌则为其周一采取的行动进行了辩护，称它总是会在就“关键漏洞”向其他软件公司发出警告的七日后公布这些漏洞的细节，以便让电脑用户能够意识到其中的风险。

It said it had also warned Adobe about a flaw in its own Flash software which, used together with the Windows vulnerability, had enabled hackers to exploit machines. Adobe released a patch for its own product last Wednesday, less than a week after being warned about it.

谷歌表示，该公司还曾就Adobe Flash软件中的一个漏洞向Adobe发出警告。该漏洞与Windows的那个漏洞结合起来，令黑客得以攻陷电脑。Adobe在上周三发布了对其自身产品漏洞的补丁，距该公司接到谷歌警告还不到一周时间。

Anyone using Microsoft’s new Edge browser, which is included in Windows 10, should be protected, the company said. But other versions of Windows will be exposed until at least November 8, the date when Microsoft said it planned to release a patch to solve the problem.

微软表示，任何使用微软新的Edge浏览器(该浏览器被包含在Windows 10系统中)的用户应该不会受到攻击。不过，其他版本的Windows至少在11月8日前会面临受攻击的风险。微软表示，它计划在11月8日发布补丁解决这个问题。