[MS10-003] Remote Code Execution Due to a Vulnerability in MS Office
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while MS Office processes a specially crafted Office file
o An attacker can distribute a specially crafted Office file and get a user to open it, executing arbitrary remote code with the user's privileges
o Related vulnerability:
  - MSO.DLL Buffer Overflow - CVE-2010-0243
o Impact: Remote code execution
o Severity: Important
□ Affected Systems
o Affected software
  - Microsoft Office XP SP3
  - Microsoft Office 2004 for Mac
o Non-affected software
  - Microsoft Office 2003 SP3
  - 2007 Microsoft Office SP1, SP2
  - Microsoft Office 2008 for Mac
  - Open XML File Format Converter for Mac
  - Microsoft Office Excel Viewer SP1, SP2
  - Microsoft Office Word Viewer
  - PowerPoint Viewer 2007 SP1, SP2
  - Visio Viewer 2007 SP1, SP2
  - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, SP2
  - Microsoft Works 8.5
  - Microsoft Works 9
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-003.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-003.mspx
[MS10-004] Remote Code Execution Due to Vulnerabilities in MS PowerPoint
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while MS PowerPoint processes a specially crafted PowerPoint file
o An attacker can distribute a specially crafted PowerPoint file and get a user to open it, executing arbitrary remote code with the user's privileges
o Related vulnerabilities:
  - PowerPoint File Path Handling Buffer Overflow Vulnerability - CVE-2010-0029
  - PowerPoint LinkedSlideAtom Heap Overflow Vulnerability - CVE-2010-0030
  - PowerPoint OEPlaceholderAtom placementId Invalid Array Indexing Vulnerability - CVE-2010-0031
  - PowerPoint OEPlaceholderAtom Use After Free Vulnerability - CVE-2010-0032
  - PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability - CVE-2010-0033
  - Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability - CVE-2010-0034
o Impact: Remote code execution
o Severity: Important
□ Affected Systems
o Affected software
  - Microsoft Office XP SP3
  - Microsoft Office 2003 SP3
  - Microsoft Office 2004 for Mac
o Non-affected software
  - Microsoft Office PowerPoint 2007 SP1, SP2
  - Microsoft Office 2008 for Mac
  - Open XML File Format Converter for Mac
  - PowerPoint Viewer 2007 SP1, SP2
  - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, SP2
  - Microsoft Works 8.5
  - Microsoft Works 9
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-004.mspx
[MS10-005] Remote Code Execution Due to a Vulnerability in MS Paint
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while MS Paint processes a specially crafted JPEG file
o An attacker can distribute a specially crafted JPEG file and get a user to open it, executing arbitrary remote code with the user's privileges
o Related vulnerability:
  - MS Paint Integer Overflow Vulnerability - CVE-2010-0028
o Impact: Remote code execution
o Severity: Moderate
□ Affected Systems
o Affected software
  - Microsoft Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
o Non-affected software
  - Windows Vista, SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-005.mspx
[MS10-006] Remote Code Execution Due to Vulnerabilities in the SMB Client
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while the Windows SMB Client module processes a specially crafted SMB response
  ※ SMB (Server Message Block): the network file sharing protocol used by Microsoft Windows
o An attacker can send a specially crafted SMB response to a vulnerable system, executing arbitrary remote code with the user's privileges
o Related vulnerabilities:
  - SMB Client Pool Corruption Vulnerability - CVE-2010-0016
  - SMB Client Race Condition Vulnerability - CVE-2010-0017
o Impact: Remote code execution
o Severity: Critical
□ Affected Systems
o Affected software
  - Microsoft Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-006.mspx
[MS10-007] Remote Code Execution Due to a Vulnerability in the Shell
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while the Windows Shell module processes specially crafted data
  ※ Shell: a command interpreter that interprets the user's commands, passes them to the kernel, and executes them
o An attacker can send specially crafted data to a vulnerable system, executing arbitrary remote code with the user's privileges
o Related vulnerability:
  - URL Validation Vulnerability - CVE-2010-0027
o Impact: Remote code execution
o Severity: Critical
□ Affected Systems
o Affected software
  - Microsoft Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
o Non-affected software
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-007.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-007.mspx
[MS10-008] ActiveX Kill Bits Cumulative Security Update
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while processing a web page that uses a vulnerable ActiveX control
o An attacker can publish a specially crafted web page and get a user to open it, executing arbitrary remote code with the user's privileges
o Related vulnerability:
  - Microsoft Data Analyzer ActiveX Control Vulnerability - CVE-2010-0252
o Impact: Remote code execution
o Severity: Critical
□ Affected Systems
o Affected software
  - Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-008.mspx
[MS10-009] Remote Code Execution Due to Vulnerabilities in TCP/IP
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while the Windows TCP/IP module processes a specially crafted ICMPv6 packet
  ※ ICMPv6: ICMP for Internet Protocol version 6
  ※ ICMP (Internet Control Message Protocol): a protocol that controls messages and reports errors between a host server and an Internet gateway
o An attacker can send a specially crafted ICMPv6 packet to a vulnerable system, executing arbitrary remote code with the user's privileges
o Related vulnerabilities:
  - ICMPv6 Router Advertisement Vulnerability - CVE-2010-0239
  - Header MDL Fragmentation Vulnerability - CVE-2010-0240
  - ICMPv6 Route Information Vulnerability - CVE-2010-0241
  - TCP/IP Selective Acknowledgement Vulnerability - CVE-2010-0242
o Impact: Remote code execution
o Severity: Critical
□ Affected Systems
o Affected software
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
o Non-affected software
  - Microsoft Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-009.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-009.mspx
[MS10-010] Denial of Service Due to a Vulnerability in Hyper-V
□ Impact
o An attacker can cause a denial of service on an affected system
□ Description
o A denial of service can occur while specially crafted machine instructions are executed on Hyper-V
  ※ Hyper-V: Microsoft's virtualization technology
o An attacker can log in to a virtual machine and then execute specially crafted machine instructions, causing a denial of service
o Related vulnerability:
  - Hyper-V Instruction Set Validation Vulnerability - CVE-2010-0026
o Impact: Denial of service
o Severity: Important
□ Affected Systems
o Affected software
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 R2 for x64-based Systems
o Non-affected software
  - Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-010.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-010.mspx
[MS10-011] Elevation of Privilege Due to a Vulnerability in CSRSS
□ Impact
o An attacker with user privileges can execute arbitrary code in kernel mode
□ Description
o Elevation of privilege can occur while the Windows CSRSS module processes a specially crafted application
  ※ CSRSS (Client Server Run-Time Subsystem): a kernel module responsible for creating and deleting system threads, controlling Win32 console windows, handling the 16-bit virtual machine, and so on
o After obtaining user privileges, an attacker can run a specially crafted application to execute arbitrary code in kernel mode
o Related vulnerability:
  - CSRSS Local Privilege Elevation Vulnerability - CVE-2010-0023
o Impact: Elevation of privilege
o Severity: Important
□ Affected Systems
o Affected software
  - Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
o Non-affected software
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-011.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-011.mspx
[MS10-012] Remote Code Execution Due to Vulnerabilities in the SMB Server
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while the Windows SMB Server module processes a specially crafted SMB packet
  ※ SMB (Server Message Block): the network file sharing protocol used by Microsoft Windows
o An attacker can send a specially crafted SMB packet to a vulnerable system, executing arbitrary remote code with the user's privileges
o Related vulnerabilities:
  - SMB Pathname Overflow Vulnerability - CVE-2010-0020
  - SMB Memory Corruption Vulnerability - CVE-2010-0021
  - SMB Null Pointer Vulnerability - CVE-2010-0022
  - SMB NTLM Authentication Lack of Entropy Vulnerability - CVE-2010-0231
o Impact: Remote code execution
o Severity: Important
□ Affected Systems
o Affected software
  - Microsoft Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-012.mspx
[MS10-013] Remote Code Execution Due to a Vulnerability in DirectShow
□ Impact
o An attacker can gain full control of an affected system
□ Description
o Remote code execution is possible while DirectShow processes a specially crafted AVI file
  ※ DirectShow: a technology that enables high-performance capture and playback of multimedia streams
o An attacker can distribute a specially crafted AVI file and get a user to open it, executing arbitrary remote code with the user's privileges
o Related vulnerability:
  - DirectShow Heap Overflow Vulnerability - CVE-2010-0250
o Impact: Remote code execution
o Severity: Critical
□ Affected Systems
o Affected software
  - Microsoft Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-013.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-013.mspx
[MS10-014] Denial of Service Due to a Vulnerability in Kerberos
□ Impact
o An attacker can cause a denial of service on an affected system
□ Description
o A denial of service can occur while the Windows Kerberos module processes a specially crafted request
  ※ Kerberos: the default user authentication protocol used by Windows
o An attacker can send a specially crafted request to a vulnerable system, causing a denial of service
o Related vulnerability:
  - Kerberos Null Pointer Dereference Vulnerability - CVE-2010-0035
o Impact: Denial of service
o Severity: Important
□ Affected Systems
o Affected software
  - Windows 2000 Server SP4
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems, SP2
o Non-affected software
  - Windows 2000 Professional SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-014.mspx
[MS10-015] Elevation of Privilege Due to Vulnerabilities in the Windows Kernel
□ Impact
o An attacker with user privileges can execute arbitrary code in kernel mode
□ Description
o Elevation of privilege can occur while the Windows kernel module processes a specially crafted application
o After obtaining user privileges, an attacker can run a specially crafted application to execute arbitrary code in kernel mode
o Related vulnerabilities:
  - Windows Kernel Exception Handler Vulnerability - CVE-2010-0232
  - Windows Kernel Double Free Vulnerability - CVE-2010-0233
o Impact: Elevation of privilege
o Severity: Important
□ Affected Systems
o Affected software
  - Windows 2000 SP4
  - Windows XP SP2, SP3
  - Windows XP Professional x64 Edition SP2
  - Windows Server 2003 SP2
  - Windows Server 2003 x64 Edition SP2
  - Windows Server 2003 with SP2 for Itanium-based Systems
  - Windows Vista SP1, SP2
  - Windows Vista x64 Edition, SP1, SP2
  - Windows Server 2008 for 32-bit Systems, SP2
  - Windows Server 2008 for x64-based Systems SP2
  - Windows Server 2008 for Itanium-based Systems, SP2
  - Windows 7 for 32-bit Systems
o Non-affected software
  - Windows 7 for x64-based Systems
  - Windows Server 2008 R2 for x64-based Systems
  - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
o Korean: http://www.microsoft.com/korea/technet/security/Bulletin/MS10-015.mspx
Source: Korea Internet & Security Agency (KISA)