Microsoft Warn that Browser has New Security Flaw
微软警告浏览器有新缺陷
Microsoft has issued a "critical" warning over a newly-discovered flaw in Windows.
微软已发布关键性警告称,其视窗操作系统Windows有新缺陷。
In a security advisory, the company warned of a loophole that could be used by malicious hackers to steal private information or hijack computers. The bug potentially affects every user of the Internet Explorer web browser -around 900 million people worldwide.
该公司在一项安全警告中称,一个漏洞有可能会被恶意黑客用来偷窃私人信息或是劫持电脑。该缺陷可能影响所有网络浏览器,因特网浏览器用户,全球约有九亿人。
Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix. The security advisory, which was published on Friday, details how the vulnerability can be used to manipulate users and take over their machines. Although the flaw is actually inside Windows itself, it only appears to affect the way that Internet Explorer handles some web pages and documents.
微软已发布软件补丁来防御攻击,并表示,它正在制定一项长期的修复。在周五发布的该安全劝告,详细公布有关该弱点能如何被用来操纵用户和接管他们的电脑。虽然该缺陷实际上是在Windows本身内,但似乎只影响Internet Explorer处理某些网页和文件的方式。
Microsoft admitted that the problem meant users could easily be fooled into downloading rnalicious files by doing something as simple as clicking on a web link. "When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session ," wrote Microsoft representative Angela Gunn in a website announcement accompanying the advisory. Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added. "Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."
微软承认,该问题意味着用户可能会傻傻地点击一个网页链接去下载恶意文件,就那么简单。微软代表安琪拉·甘恩在网站公布附随该劝告写道当用户点击那链接时,恶意脚本即运行用户电脑当前的Internet Explorer其余操作状态。一旦电脑被劫持,黑客能用它来偷窃个人资料或是把用户发送到假网站去。此类脚本能收集用户信息,例如电子邮件、使戏弄内容显示于浏览器上,抑或干扰用户的使用。"
Although Microsoft said it had seen no evidence that the glitch had already been exploited by hackers, it warned that research had shown it was a serious threat. And while it has not been able to remove the bug itself, it issued a "fix it" security patch to block any attempts to use it. All Windows users -particularly those who use Internet Explorer -are being urged to download the fix while the company's security team develop a way to plug the hole permanently.
虽然微软表示,它尚未见黑客曾利用该干扰的迹象,但警告说,调查已显示那是一个很严重的威胁。它目前尚无法删除该漏洞本身,但却发布一项自动修复安全补丁去防止任何不轨企图。该公司催促所有Windows用户,尤其是使用Internet Explorer的用户,在其安全团队正在制定能一劳永逸的补漏办法之际,赶紧下载该修复补丁。