[MS10-061] ÇÁ¸°Æ® ½ºÇ®·¯ ¼ºñ½º(Print Spooler Service) Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o À©µµ¿ìÀÇ ÇÁ¸°Æ® ½ºÇ®·¯°¡ »ç¿ëÀÚÀÇ ÇÁ¸°Æ® ½ºÇ®·¯ Á¢±Ù¿¡ ´ëÇÑ Çã¿ëÀ» ÃæºÐÈ÷ °ËÁõÇÏÁö ¾Ê¾Æ¼
¹ß»ýÇÏ´Â Ãë¾àÁ¡
¡Ø ÇÁ¸°Æ® ½ºÇ®·¯ ¼ºñ½º : ÇÁ¸°ÅÍ µå¶óÀ̹öÀÇ À§Ä¡¸¦ ã¾Æ ·ÎµùÇÏ°í, ¿ì¼± ¼øÀ§¿¡ µû¶ó ÇÁ¸°Æ®
ÀÛ¾÷À» ½ºÄÉÁÙ¸µÇÏ´Â ÀÛ¾÷ µîÀ» Æ÷ÇÔÇÏ´Â Àμâ°úÁ¤ °ü¸® ¼ºñ½º
o °ø°ÝÀÚ´Â RPC¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Â ÀÎÅÍÆäÀ̽ºÀÇ ÇÁ¸°Æ® ½ºÇ®·¯°¡ ÀÖ´Â ½Ã½ºÅÛ¿¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ
ÇÁ¸°Æ® ¿äûÀ» Àü¼ÛÇØ »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Print Spooler Service Impersonation Vulnerability - CVE-2010-2729
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-061.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-061.mspx
[MS10-062] MPEC-4 ÄÚµ¦ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o À©µµ¿ì ¹Ìµð¾î ÄÚµ¦ÀÌ Æ÷ÇԵǾî ÀÖ´Â MPEG-4 ÄÚµ¦ÀÌ MPEG-4 ºñµð¿À ÀÎÄÚµùÀ» »ç¿ëÇÑ Á¶ÀÛµÈ
¹Ìµð¾î ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¹Ìµð¾î ÆÄÀÏÀ» À̸ÞÀÏ »ç¿ëÀÚ°¡ ¿¾îº¸µµ·Ï À¯µµÇϰųª, Ư¼öÇÏ°Ô
Á¶ÀÛµÈ ½ºÆ®¸®¹Ö ¼ºñ½º¸¦ Á¦°øÇÏ´Â À¥ »çÀÌÆ®¸¦ ¹æ¹®Çϵµ·Ï À¯µµÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ
¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- MPEG-4 Codec Vulnerability - CVE-2010-0818
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-062.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-062.mspx
[MS10-063] À¯´ÏÄÚµå ½ºÅ©¸³Æ® ÇÁ·Î¼¼¼(Unicode Scripts Processor) Ãë¾àÁ¡À¸·Î ÀÎÇÑ
¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o À¯´ÏÄÚµå ½ºÅ©¸³Æ® ÇÁ·Î¼¼¼¸¦ »ç¿ëÇÏ´Â À©µµ¿ì³ª MS¿ÀÇǽº°¡ OpneType ÆùÆ®ÀÇ Æ¯¼ö¹®ÀÚ¸¦
ÆĽÌÇÏ´Â °úÁ¤¿¡¼ ·¹À̾ƿôÀÇ Å×À̺íÀ» Á¤È®ÇÏ°Ô °ËÁõÇÏÁö ¾Ê¾Æ ¹ß»ýÇÏ´Â Ãë¾àÁ¡
¡Ø À¯´ÏÄÚµå ½ºÅ©¸³Æ® ÇÁ·Î¼¼¼(USP10.dll) : À¯´ÏÄÚµå·Î ÀÎÄÚµùµÈ º¹ÀâÇÑ ÅؽºÆ® ·¹À̾ƿôÀ»
·£´õ¸µÇϱâ À§ÇÑ APIµéÀÇ ¹À½
o °ø°ÝÀÚ´Â OpenType ÆùÆ®°¡ ³»ÀåµÈ ÀÀ¿ëÇÁ·Î±×·¥À¸·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¹®¼ÆÄÀÏÀ̳ª À¥ÆäÀÌÁö¸¦
¿¾îº¸µµ·Ï À¯µµÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Uniscribe Font Parsing Engine Memory Corruption Vulnerability - CVE-2010-2738
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-063.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-063.mspx
[MS10-064] MS Outlook Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Microsoft OutlookÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ À̸ÞÀÏÀ» ÆĽÌÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̸ÞÀÏÀ» Àü¼ÛÇÏ¿© OutlookÀ¸·Î ¹Ì¸®º¸±â¸¦ Çϰųª ¿¾îº¸µµ·Ï À¯µµ
ÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Heap Based Buffer Overflow in Outlook Vulnerability - CVE-2010-2728
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Outlook 2002 SP3 on Microsoft Office XP SP3
- Microsoft Outlook 2003 SP3 on Microsoft Office 2003 SP3
- Microsoft Outlook 2007 SP2 on Microsoft Office 2007 SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Outlook 2010 (32-bit editions)
- Microsoft Outlook 2010 (64-bit editions)
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-064.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-064.mspx
[MS10-065] Microsoft Internet Information Services(IIS) Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o IIS ¼¹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ HTTP ¿äû¿¡ ´ëÇØ ASP ½ºÅ©¸³Æ®¸¦ ó¸®ÇÏ´Â ÄÚµåÀÇ ½ºÅÃ
¿À¹öÇ÷οì, FastCGI·Î HTTP ÇØ´õ¸¦ ó¸®ÇÏ´Â °úÁ¤À̳ª Ư¼öÇÏ°Ô Á¶ÀÛµÈ URLÀ» ÆĽÌÇÏ´Â
°úÁ¤¿¡¼ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
¡Ø IIS(Internet Information Services) : FTP, SMTP, NNTP, HTTP/HTTPS µîÀÇ ÇÁ·ÎÅäÄÝÀ»
Áö¿øÇÏ´Â MSÀÇ ÀÎÅÍ³Ý Á¤º¸ ¼ºñ½º
¡Ø FastCGI(Fast Common Gateway Interface) : À¥¼¹ö¿¡¼ ÀÀ¿ëÇÁ·Î±×·¥À» È£ÃâÇÒ ¶§ »ç¿ë
ÇÏ´Â ¹æ¹ýÀÎ CGIÀÇ ¼Óµµ¸¦ ÁõÁø½ÃÅ°±â À§ÇÑ ÇÁ·Î±×·¡¹Ö ÀÎÅÍÆäÀ̽º
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ HTTP ¿äûÀ» Àü¼ÛÇÏ¿© ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- IIS Repeated Parameter Request Denial of Service Vulnerability - CVE-2010-1899
- Request Header Buffer Overflow Vulnerability - CVE-2010-2730
- Directory Authentication Bypass Vulnerability - CVE-2010-2731
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î (IIS ASP)
- IIS 5.1 on Windows XP SP3
- IIS 6.0 on Windows XP Professional x64 Edition SP2
- IIS 6.0 on Windows Server 2003 SP2
- IIS 6.0 on Windows Server 2003 x64 Edition SP2
- IIS 6.0 on Windows Server 2003 with SP2 for Itanium-based Systems
- IIS 7.0 on Windows Vista SP1, SP2
- IIS 7.0 on ows Vista x64 Edition SP1, SP2
- IIS 7.0 on ows Server 2008 for 32-bit Systems, SP2
- IIS 7.0 on Windows Server 2008 for x64-based Systems, SP2
- IIS 7.0 on Windows Server 2008 for Itanium-based Systems, SP2
- IIS 7.5 on Windows 7 for 32-bit Systems
- IIS 7.5 on Windows 7 for x64-based Systems
- IIS 7.5 on Windows Server 2008 R2 for x64-based Systems
- IIS 7.5 on Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î (IIS FastCGI)
- IIS 7.5 on Windows 7 for 32-bit Systems
- IIS 7.5 on Windows 7 for x64-based Systems
- IIS 7.5 on Windows Server 2008 R2 for x64-based Systems
- IIS 7.5 on Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î (IIS Authentication)
- IIS 5.1 on Windows XP SP3
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-064.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-064.mspx
[MS10-066] Remote Procedure Call(RPC) Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ŭ¶óÀ̾ðÆ®ÀÇ RPC ¿äû¿¡ ´ëÇØ ¼¹ö¿¡¼ Àü¼ÛµÈ Ư¼öÇÏ°Ô Á¶ÀÛµÈ RPC ÀÀ´äÀ» Ŭ¶óÀ̾ðÆ®°¡ ÆĽÌ
ÇÏ´Â °úÁ¤¿¡¼ ºÎÀûÀýÇÑ ¸Þ¸ð¸®¸¦ ÇÒ´çÀ¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
¡Ø Remote Procedure Call(RPC) : ³×Æ®¿öÅ©¸¦ ÅëÇØ ¿ø°Ý ÄÄÇ»ÅÍ¿¡ ÀÖ´Â ÇÔ¼ö È£Ãâ µîÀÇ ±â´ÉÀ»
Á¦°øÇÏ´Â ³×Æ®¿öÅ© ÇÁ·Î±×·¡¹Ö Ç¥ÁØ
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ RPC ¼¹ö¸¦ »ç¿ëÇÏ¿© »ç¿ëÀÚ¿¡°Ô RPC ¿äûÀ» Çϵµ·Ï À¯µµÇÏ°í, Ư¼ö
ÇÏ°Ô Á¶ÀÛµÈ RPC ÀÀ´äÀ¸·Î Áß°£ÀÚ °ø°ÝÀ» ¼öÇàÇÏ¿© ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- RPC Memory Corruption Vulnerability - CVE-2010-2567
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-064.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-064.mspx
[MS10-067] WordPad Text Converters Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o WordPad·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÄÀÏÀ» ¿¾úÀ» ¶§, WordPad Text Converter°¡ ƯÁ¤ ¿µ¿ªÀ» ÆĽÌ
ÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸Àç
¡Ø WordPad Text Converters : Microsoft ¿î¿µÃ¼Á¦ÀÇ ±âº» ±¸¼º¿ä¼Ò·Î Microsoft Word¸¦
»ç¿ëÇÏÁö ¾Ê´Â »ç¿ëÀÚ°¡ Microsoft Windows Write(.wri) ÆÄÀÏ Æ÷¸ä°ú Microsoft Word(.doc)
ÆÄÀÏ Æ÷¸ËÀ» WordPad·Î ¿¾îº¼ ¼ö ÀÖµµ·Ï º¯È¯ÇØÁÖ´Â º¯È¯±â
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Word ÆÄÀÏÀ» À̸ÞÀÏ¿¡ ÷ºÎÇÏ¿© ½ÇÇàÀ» À¯µµÇϰųª, À¥»çÀÌÆ®¿¡¼
Ư¼öÇÏ°Ô Á¶ÀÛµÈ Word ÆÄÀÏÀ» ¿¾îº¸µµ·Ï À¯µµÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- WordPad Word 97 Text Converter Memory Corruption Vulnerability - CVE-2010-2563
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-067.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-067.mspx
[MS10-068] Local Security Authority Subsystem Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Active Directory, ADAM, AD LDSÀÇ ±¸Çö ¹®Á¦·Î ÀÎÇØ LSASS°¡ ƯÁ¤ LDAP ¸Þ½ÃÁö¸¦ ó¸®ÇÏ´Â
°úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸Àç
¡Ø Active Directory : Microsoft¿¡¼ °³¹ßÇÑ µð·ºÅ丮 ±â¹Ý °ü¸® ¼ºñ½º
¡Ø Active Directory Application Mode(ADAM) : Windows XP ¹× Windows Server 2003¿¡¼
Á¦°øµÇ¸ç ÀÀ¿ë ÇÁ·Î±×·¥À» À§ÇÑ Àü¿ë µð·ºÅ͸® ¼ºñ½º¸¦ Á¦°øÇÏ´Â µ¶¸³ ¸ðµåÀÇ Active Directory
¡Ø Active Directory Lightweight Directory Service(AD LDS) : ADAMÀ» ´ëüÇϸç, Windows
Server 2008 À̻󿡼 Á¦°øµÇ´Â ÀÀ¿ë ÇÁ·Î±×·¥À» À§ÇÑ Àü¿ë µð·ºÅ͸® ¼ºñ½º¸¦ Á¦°øÇÏ´Â µ¶¸³
¸ðµåÀÇ Active Directory
¡Ø Lightweight Directory Access Protocol (LDAP) : ÀÎÅÍ³Ý µð·ºÅ丮¸¦ ¿¬°á, °Ë»ö ¹× ¼öÁ¤
Çϴµ¥ »ç¿ëµÇ´Â µð·ºÅ丮 ¼ºñ½º ÇÁ·ÎÅäÄÝ
¡Ø Local Security Authority Subsystem Service(LSASS) : ·ÎÄà º¸¾È, µµ¸ÞÀÎ ÀÎÁõ, ¿¢Æ¼ºê
µð·ºÅ丮 ¼ºñ½º ÇÁ·Î¼¼½º µîÀ» °ü¸®Çϱâ À§ÇÑ ÀÎÅÍÆäÀ̽º¸¦ Á¦°øÇÏ´Â ¼ºñ½º
o °ø°ÝÀÚ´Â LSASS ¼¹ö¿Í ÀÎÁõ°úÁ¤À» °ÅÄ£ ÈÄ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ LDAP ¸Þ½ÃÁö¸¦ LSASS ¼¹ö·Î
Àü¼ÛÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- WordPad Word 97 Text Converter Memory Corruption Vulnerability - CVE-2010-2563
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- ADAM on Windows XP SP3
- ADAM on Windows XP Professional x64 Edition SP2
- Active Directory, ADAM on Windows Server 2003 SP2
- Active Directory, ADAM on Windows Server 2003 x64 Edition SP2
- Active Directory on Windows Server 2003 with SP2 for Itanium-based Systems
- AD LDS on Windows Vista SP2
- AD LDS on Windows Vista x64 Edition SP2
- Active Directory, AD LDS on Windows Server 2008 for 32-bit Systems, SP2
- Active Directory, AD LDS on Windows Server 2008 for x64-based Systems, SP2
- AD LDS on Windows 7 for 32-bit Systems
- AD LDS on Windows 7 for x64-based Systems
- AD LDS on Windows Server 2008 R2 for x64-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1
- Windows Vista x64 Edition SP1
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-068.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-068.mspx
[MS10-069] Windows Client/Server Runtime Subsystem Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows CSRSS°¡ Áß±¹¾î, ÀϺ»¾î, Çѱ¹¾î·Î ½Ã½ºÅÛ ·ÎÄÉÀÏÀ» ¼³Á¤ÇÑ À©µµ¿ì ½Ã½ºÅÛ¿¡¼ ƯÁ¤
»ç¿ëÀÚ Æ®·£Á§¼ÇÀ» ó¸®Çϴµ¥ ÃæºÐÈ÷ ¸Þ¸ð¸®¸¦ ÇÒ´çÇÏÁö ¾Ê¾Æ¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡
ÀÌ Á¸Àç
¡Ø Windows Client/Server Runtime Subsystem (CSRSS) : Win32 ¼ºê½Ã½ºÅÛÀÇ »ç¿ëÀÚ¸ðµå
ºÎºÐÀ¸·Î ÄÜ¼Ö À©µµ¿ì, ½º·¹µåÀÇ »ý¼º/»èÁ¦ µî¿¡ °ü¿©Çϸç Ç×»ó ½ÇÇàµÇ¾î¾ß ÇÏ´Â ±âº»Àû ¼ºê
½Ã½ºÅÛ
¡Ø ½Ã½ºÅÛ ·ÎÄÉÀÏ(system locale) : ±âº» ¹®ÀÚ™V(¹®ÀÚ, ±âÈ£, ¼ýÀÚ), µð½ºÇ÷¹ÀÌ¿ë ÆùÆ®,
À¯´ÏÄڵ带 »ç¿ëÇÏÁö ¾Ê´Â ÇÁ·Î±×·¥ÀÇ ÀÔ·Â Á¤º¸ µî »ç¿ëÀÚ ¾ð¾î¸¦ °áÁ¤ÇÏ´Â º¯¼öÁýÇÕ
o °ø°ÝÀÚ´Â ÇØ´ç ½Ã½ºÅÛ¿¡ ·Î±×ÀÎÇÑ ÈÄ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ ÀÀ¿ëÇÁ·Î±×·¥À» ½ÇÇàÇÏ¿© ¿ÏÀüÇÑ »ç¿ëÀÚ
±ÇÇÑ È¹µæ
o °ü·ÃÃë¾àÁ¡ :
- CSRSS Local Elevation of Privilege Vulnerability - CVE-2010-1891
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-069.mspx
¿øº» : http://www.krcert.or.kr |
