HOME > °øÁö»çÇ×
[MS ±ä±Þ ÆÐÄ¡ °øÁö] ½Ã½ºÅÛ Àå¾Ç µî ÇØÅ·¿¡ ¾Ç¿ë °¡´ÉÇÑ º¸¾ÈÃë¾àÁ¡ ÆÐÄ¡ ¾È³» | |
---|---|
ÀÛ¼ºÀÚ : Any3(knhim@hanmail.net) ÀÛ¼ºÀÏ : 2009-03-11 Á¶È¸¼ö : 7392 | |
ÆÄÀÏ÷ºÎ : | |
¡á °³ ¿ä
MSÞä´Â 3¿ù 11ÀÏ MS À©µµ¿ì ¹× DNS/Wins ¼¹ö¿¡¼ ½Ã½ºÅÛ Àå¾Ç µî ÇØÅ·¿¡ ¾Ç¿ë °¡´ÉÇÑ º¸¾ÈÃë¾à Á¡ 3°Ç(±ä±Þ 1, Áß¿ä 2)À» ¹ßÇ¥ÇÏ¿´´Â ¹Ù, °¢±Þ±â°üÀº ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ MSÞäÀÇ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ Á¶¼ÓÈ÷ ¼³Ä¡ÇϽñ⠹ٶø´Ï´Ù. ¡á º¸¾È ¾÷µ¥ÀÌÆ®¿¡ Æ÷ÇÔµÈ Ãë¾àÁ¡ ¹× °ü·Ã »çÀÌÆ® 1. À©µµ¿ì Ä¿³Î Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦Á¡(±ä±Þ, 958690) o ¼³ ¸í GDI Ä¿³Î ÄÄÆ÷³ÍÆ®¿¡ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Á¶ÀÛµÈ EMF, WMF À̹ÌÁö ÆÄÀÏÀÌ Æ÷ÇÔµÈ ¾ÇÀÇÀûÀÎ À¥ÆäÀÌÁö¸¦ ±¸ÃàÇÑ ÈÄ »ç¿ëÀÚÀÇ ¹æ¹®À» À¯µµÇϰųª À̸ÞÀÏ Ã·ºÎÆÄÀÏÀ» ¿¾îº¸µµ·Ï À¯µµÇÏ¿© Ãë¾à½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæÀÌ °¡´ÉÇÏ´Ù. * GDI(Graphics Device Interface) : MS À©µµ¿ì¿¡¼ ȸ鿡 ½ºÅ©·Ñ¹Ù, ¼± µî ¸ðµç ±×·¡ÇÈ °´Ã¼µéÀ» ±×¸®´Â ÀÎÅÍÆäÀ̽º * WMF(Windows Meta File) : º¤Å͹æ½ÄÀÇ À̹ÌÁö ÆÄÀÏÀ» Áö¿øÇϱâ À§ÇÑ wmf È®ÀåÀÚ¸¦ °¡Áø ÆÄÀÏ·Î MS Office µîÀÇ Å¬¸³¾ÆÆ®¿¡ ÁÖ·Î ÀÌ¿ë * EMF(Enhanced Metafile) : WMFÀÇ 32ºñÆ® È®ÀåÇü ÆÄÀÏ Æ÷¸Ë o °ü·Ã Ãë¾àÁ¡ - Windows Kernel Input Validation Vulnerability(CVE-2009-0081) - Windows Kernel Handle Validation Vulnerability(CVE-2009-0082) - Windows Kernel Invalid Pointer Vulnerability(CVE-2009-0083) o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition, SP2 - Windows Server 2003 SP1, SP2 - Windows Server 2003 x64 Edition, SP2 - Windows Server 2003 with SP1, SP2 for Itanium-based Systems - Windows Vista, SP1 - Windows Vista x64 Edition, SP1 - Windows Server 2008 for 32-bit Systems - Windows Server 2008 for x64-based Systems - Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ® ¡æ ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx ¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS09-006.mspx 2. SChannel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 960225) o ¼³ ¸í SChannel ÀÎÁõ ÄÄÆ÷³ÍÆ®°¡ °øÀÎÀÎÁõ¼ ±â¹ÝÀÇ ÀÎÁõÀ» ¼öÇàÇÏ´Â °úÁ¤¿¡ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Àΰ¡µÈ »ç¿ëÀÚÀÇ °øÀÎÀÎÁõ¼¸¦ ÀÌ¿ë, ºñ¹ÐÅ° ¾øÀÌ ÀÎÁõÀ» ¿ìȸÇÒ ¼ö ÀÖ´Ù. * SChannel(Secure Channel) : MS À©µµ¿ì¿¡¼ ¸Þ½ÃÁö ¹«°á¼º ¹× ±â¹Ð¼ºÀ» À§ÇØ »ç¿ëµÇ´Â º¸¾ÈÇÁ ·ÎÅäÄݷμ ÀÎÅÍ³Ý ºê¶ó¿ìÀú¿Í ¼¹ö¿¡¼ »ç¿ë * ½ºÇªÇÎ(Spoofing) : ÀÚ±â ÀÚ½ÅÀÇ ½Äº° Á¤º¸¸¦ ¼Ó¿© ´ë»ó ½Ã½ºÅÛÀ» °ø°ÝÇÏ´Â ¼ö¹ý o °ü·Ã Ãë¾àÁ¡ - SChannel Spoofing Vulnerability(CVE-2009-0085) o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition, SP2 - Windows Server 2003 SP1, SP2 - Windows Server 2003 x64 Edition, SP2 - Windows Server 2003 with SP1, SP2 for Itanium-based Systems - Windows Vista, SP1 - Windows Vista x64 Edition, SP1 - Windows Server 2008 for 32-bit Systems - Windows Server 2008 for x64-based Systems - Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ® ¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx ¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-007.mspx 3. DNS¿Í WINS ¼¹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 962238) o ¼³ ¸í MS À©µµ¿ì DNS¿Í WINS ¼¹ö¿¡¼ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â DNS ¼¹ö¿¡ Á¶ÀÛ µÈ Äõ¸®¸¦ º¸³»°Å³ª WINS ¼¹ö¿¡ man-in-the-middle-attackÀ» ÇÏ¿© ÀÎÅÍ³Ý Æ®·¡ÇÈÀÇ °æ·Î¸¦ ¿øÇÏ´Â °÷À¸·Î º¯°æÇÒ ¼ö ÀÖ´Ù. * WINS(Windows Internet Name Service) ¼¹ö : TCP/IPȯ°æ¿¡¼ NetBIOS À̸§(ÄÄÇ»ÅÍ À̸§)À» IP ÁÖ¼Ò¿Í ¼·Î ¿¬°á½ÃÄÑÁÖ´Â ¿ªÇÒÀ» ÇÏ´Â ¼¹ö * man-in-the-middle-attack(Áß°£ÀÚ °ø°Ý) : µÎ ´ç»çÀÚ°£ÀÇ Åë½Å ¸Þ¼¼Áö¸¦ °ø°ÝÀÚ°¡ Áß°£¿¡¼ ¸¶À½´ë ·Î °¡·Îç ¼ö ÀÖ´Â °ø°Ý o °ü·Ã Ãë¾àÁ¡ - DNS Server Query Validation Vulnerability(CVE-2009-0233) - DNS Server Response Validation Vulnerability(CVE-2009-0234) - DNS Server Vulnerability in WPAD Registration Vulnerability(CVE-2009-0093) - WPAD WINS Server Registration Vulnerability(CVE-2009-0094) o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - DNS/WINS Server on Microsoft Windows 2000 SP4 - DNS/WINS Server on Microsoft Windows Server 2003 SP1, SP2 - DNS/WINS Server on Microsoft Windows Server 2003 x64 Edition, SP2 - DNS/WINS Server on Microsoft Windows Server 2003 for Itanium-based Systems SP1, SP2 - DNS Server on Windows Server 2008 for 32-bit Systems - DNS Server on Windows Server 2008 for x64-based Systems o ¿µÇâ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 Professional SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition, SP2 - Microsoft Windows Vista, SP1 - Microsoft Windows Vista x64 Edition, SP1 - Microsoft Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ® ¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx ¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-008.mspx ¡á Âü°íÁ¤º¸ Microsoft Update ¡æ http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko |
ÀÌÀü±Û | È£½ºÆà ÀÌÀü ÀÛ¾÷ °øÁö |
---|---|
´ÙÀ½±Û | ¼¹ö ¾ÈÁ¤È ÀÛ¾÷ °øÁö |
|
[MS ±ä±Þ ÆÐÄ¡ °øÁö] ½Ã½ºÅÛ Àå¾Ç µî ÇØÅ·¿¡ ¾Ç¿ë °¡´ÉÇÑ º¸¾ÈÃë¾àÁ¡ ÆÐÄ¡ ¾È³» | |
---|---|
ÀÛ¼ºÀÚ : Any3 | 2009-03-11 |
¡á °³ ¿ä
MSÞä´Â 3¿ù 11ÀÏ MS À©µµ¿ì ¹× DNS/Wins ¼¹ö¿¡¼ ½Ã½ºÅÛ Àå¾Ç µî ÇØÅ·¿¡ ¾Ç¿ë °¡´ÉÇÑ º¸¾ÈÃë¾à Á¡ 3°Ç(±ä±Þ 1, Áß¿ä 2)À» ¹ßÇ¥ÇÏ¿´´Â ¹Ù, °¢±Þ±â°üÀº ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ MSÞäÀÇ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ Á¶¼ÓÈ÷ ¼³Ä¡ÇϽñ⠹ٶø´Ï´Ù. ¡á º¸¾È ¾÷µ¥ÀÌÆ®¿¡ Æ÷ÇÔµÈ Ãë¾àÁ¡ ¹× °ü·Ã »çÀÌÆ® 1. À©µµ¿ì Ä¿³Î Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦Á¡(±ä±Þ, 958690) o ¼³ ¸í GDI Ä¿³Î ÄÄÆ÷³ÍÆ®¿¡ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Á¶ÀÛµÈ EMF, WMF À̹ÌÁö ÆÄÀÏÀÌ Æ÷ÇÔµÈ ¾ÇÀÇÀûÀÎ À¥ÆäÀÌÁö¸¦ ±¸ÃàÇÑ ÈÄ »ç¿ëÀÚÀÇ ¹æ¹®À» À¯µµÇϰųª À̸ÞÀÏ Ã·ºÎÆÄÀÏÀ» ¿¾îº¸µµ·Ï À¯µµÇÏ¿© Ãë¾à½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæÀÌ °¡´ÉÇÏ´Ù. * GDI(Graphics Device Interface) : MS À©µµ¿ì¿¡¼ ȸ鿡 ½ºÅ©·Ñ¹Ù, ¼± µî ¸ðµç ±×·¡ÇÈ °´Ã¼µéÀ» ±×¸®´Â ÀÎÅÍÆäÀ̽º * WMF(Windows Meta File) : º¤Å͹æ½ÄÀÇ À̹ÌÁö ÆÄÀÏÀ» Áö¿øÇϱâ À§ÇÑ wmf È®ÀåÀÚ¸¦ °¡Áø ÆÄÀÏ·Î MS Office µîÀÇ Å¬¸³¾ÆÆ®¿¡ ÁÖ·Î ÀÌ¿ë * EMF(Enhanced Metafile) : WMFÀÇ 32ºñÆ® È®ÀåÇü ÆÄÀÏ Æ÷¸Ë o °ü·Ã Ãë¾àÁ¡ - Windows Kernel Input Validation Vulnerability(CVE-2009-0081) - Windows Kernel Handle Validation Vulnerability(CVE-2009-0082) - Windows Kernel Invalid Pointer Vulnerability(CVE-2009-0083) o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition, SP2 - Windows Server 2003 SP1, SP2 - Windows Server 2003 x64 Edition, SP2 - Windows Server 2003 with SP1, SP2 for Itanium-based Systems - Windows Vista, SP1 - Windows Vista x64 Edition, SP1 - Windows Server 2008 for 32-bit Systems - Windows Server 2008 for x64-based Systems - Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ® ¡æ ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx ¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS09-006.mspx 2. SChannel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 960225) o ¼³ ¸í SChannel ÀÎÁõ ÄÄÆ÷³ÍÆ®°¡ °øÀÎÀÎÁõ¼ ±â¹ÝÀÇ ÀÎÁõÀ» ¼öÇàÇÏ´Â °úÁ¤¿¡ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Àΰ¡µÈ »ç¿ëÀÚÀÇ °øÀÎÀÎÁõ¼¸¦ ÀÌ¿ë, ºñ¹ÐÅ° ¾øÀÌ ÀÎÁõÀ» ¿ìȸÇÒ ¼ö ÀÖ´Ù. * SChannel(Secure Channel) : MS À©µµ¿ì¿¡¼ ¸Þ½ÃÁö ¹«°á¼º ¹× ±â¹Ð¼ºÀ» À§ÇØ »ç¿ëµÇ´Â º¸¾ÈÇÁ ·ÎÅäÄݷμ ÀÎÅÍ³Ý ºê¶ó¿ìÀú¿Í ¼¹ö¿¡¼ »ç¿ë * ½ºÇªÇÎ(Spoofing) : ÀÚ±â ÀÚ½ÅÀÇ ½Äº° Á¤º¸¸¦ ¼Ó¿© ´ë»ó ½Ã½ºÅÛÀ» °ø°ÝÇÏ´Â ¼ö¹ý o °ü·Ã Ãë¾àÁ¡ - SChannel Spoofing Vulnerability(CVE-2009-0085) o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition, SP2 - Windows Server 2003 SP1, SP2 - Windows Server 2003 x64 Edition, SP2 - Windows Server 2003 with SP1, SP2 for Itanium-based Systems - Windows Vista, SP1 - Windows Vista x64 Edition, SP1 - Windows Server 2008 for 32-bit Systems - Windows Server 2008 for x64-based Systems - Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ® ¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx ¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-007.mspx 3. DNS¿Í WINS ¼¹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 962238) o ¼³ ¸í MS À©µµ¿ì DNS¿Í WINS ¼¹ö¿¡¼ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â DNS ¼¹ö¿¡ Á¶ÀÛ µÈ Äõ¸®¸¦ º¸³»°Å³ª WINS ¼¹ö¿¡ man-in-the-middle-attackÀ» ÇÏ¿© ÀÎÅÍ³Ý Æ®·¡ÇÈÀÇ °æ·Î¸¦ ¿øÇÏ´Â °÷À¸·Î º¯°æÇÒ ¼ö ÀÖ´Ù. * WINS(Windows Internet Name Service) ¼¹ö : TCP/IPȯ°æ¿¡¼ NetBIOS À̸§(ÄÄÇ»ÅÍ À̸§)À» IP ÁÖ¼Ò¿Í ¼·Î ¿¬°á½ÃÄÑÁÖ´Â ¿ªÇÒÀ» ÇÏ´Â ¼¹ö * man-in-the-middle-attack(Áß°£ÀÚ °ø°Ý) : µÎ ´ç»çÀÚ°£ÀÇ Åë½Å ¸Þ¼¼Áö¸¦ °ø°ÝÀÚ°¡ Áß°£¿¡¼ ¸¶À½´ë ·Î °¡·Îç ¼ö ÀÖ´Â °ø°Ý o °ü·Ã Ãë¾àÁ¡ - DNS Server Query Validation Vulnerability(CVE-2009-0233) - DNS Server Response Validation Vulnerability(CVE-2009-0234) - DNS Server Vulnerability in WPAD Registration Vulnerability(CVE-2009-0093) - WPAD WINS Server Registration Vulnerability(CVE-2009-0094) o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - DNS/WINS Server on Microsoft Windows 2000 SP4 - DNS/WINS Server on Microsoft Windows Server 2003 SP1, SP2 - DNS/WINS Server on Microsoft Windows Server 2003 x64 Edition, SP2 - DNS/WINS Server on Microsoft Windows Server 2003 for Itanium-based Systems SP1, SP2 - DNS Server on Windows Server 2008 for 32-bit Systems - DNS Server on Windows Server 2008 for x64-based Systems o ¿µÇâ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 Professional SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition, SP2 - Microsoft Windows Vista, SP1 - Microsoft Windows Vista x64 Edition, SP1 - Microsoft Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ® ¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx ¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-008.mspx ¡á Âü°íÁ¤º¸ Microsoft Update ¡æ http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko |
ÀÌÀü±Û | È£½ºÆà ÀÌÀü ÀÛ¾÷ °øÁö |
---|---|
´ÙÀ½±Û | ¼¹ö ¾ÈÁ¤È ÀÛ¾÷ °øÁö |