视窗XP安全缺陷非常严重

Windows XP security bug very serious

视窗XP安全缺陷非常严重

A software glitch with Windows XP, Microsoft's new flagship operating system, leaves users in unprecedented danger according to the company's own security experts. Some older versions of Windows may also be affected.

据微软公司安全问题安全专家介绍，新王牌操作系统即视窗XP有软件缺陷，该缺陷可使用户处于空前的危险。一些旧版的视窗也可能受到影响。

The hole is in a service called Universal Plug and Play, which comes as standard with Windows XP. The bug allows a malicious hacker to gain complete control over a computer. UPnP is intended to allow a PC to control a broad range of hardware, including the latest home appliances. UPnP can also be added to Windows 98, 98SE and ME.

该漏洞在一种叫作“通用即插即用”的服务功能上，它符合视窗XP的标准。该缺陷可使恶意的黑客完全控制安装此软件的计算机。开发“通用即插即用”的功能是为了能使计算机控制多种硬件，包括最新的家庭用电器。该软件还可以添置到视窗98、98SE和ME上。

Microsoft representatives say that the fault poses an unprecedented risk because a user is vulnerable as soon as they connect to the internet - no other action is required. The company has recommended that all users running UPnP download and install a new patch immediately.

微软代表说，因为不需采取其它行动，只要该软件用户联到因特网上就可能受害，所以该缺陷造成的危险是空前未有的。所有使用这种“通用即插即用”的用户应立即下载和安装一种新的修正软件。

Microsoft touted Windows XP as its most secure operating system ever when the software was launched worldwide on 25 October. The company estimates that it has sold over seven million copies of the platform since then.

微软曾扬言视窗XP是它最安全的操作系统，自从10月25日在全世界推出该软件后，该公司估计已售出700多万套。

Spokesman Jim Desler said: "We are in the process of notifying our customers. We have mobilized all of our technical account managers worldwide who work with big clients and we have a very broad email list for email notification."

公司发言人Jim Desler说：“我们正在通知我们的客户，我们已经动员了公司遍布全世界为大客户服务的技术项目经理，还对大量的电子邮件地址名单发出了电子邮件通知。”

There are two sides to the UPnP flaw. The first could allow the hacker to break into a Windows system and run any programs or code they choose by sending a specially designed network message.

“通用即插即用”的缺陷有两个方面。一是可能允许黑客用输入一种特别编制的网络信息，闯入一种视窗系统，操纵全部程序或由他们任意编码。

The second might enable the hacker to overload a Windows machine and prevent it from functioning properly. This can be achieved by sending similarly customised network messages repeatedly.

其二是黑客可以让装有视窗的电脑超载，使该机功能失常，用反复输入类似定制网络信息的方法就可达此目的。

The hole was discovered by Riley Hassell of US security company eEye Digital Security. In his advisory, Hassell hints that there may be further problems with the UPnP service.

该缺陷是由美国eEye数字安全公司的Riley Hassell发现的。在他的报告中，他暗示“通用即插即用”可能还有更多的问题。

The US government-sponsored computer monitoring service, the Computer Emergency Response Team has also issued an open warning to computer users about the problem.

美国政府资助的计算机监测部门即计算机应急小组也已发出公开警告，告诫计算机用户关注这一问题。