[MS10-090] Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡à ¼³¸í
o °ø°³µÈ Ãë¾àÁ¡ 3°³¸¦ Æ÷ÇÔÇÑ ÃÑ 7°³ÀÇ Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®
o °ø°ÝÀÚ°¡ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ À¥ÆäÀÌÁö¸¦ ÀÌ¿ëÀÚ°¡ Internet Explorer¸¦ ÀÌ¿ëÇÏ¿© ¿¶÷ÇÒ °æ¿ì,
·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- HTML Object Memory Corruption Vulnerability - CVE-2010-3340
- Cross-Domain Information Disclosure Vulnerability - CVE-2010-3342
- HTML Object Memory Corruption Vulnerability - CVE-2010-3343
- HTML Element Memory Corruption Vulnerability - CVE-2010-3345
- HTML Element Memory Corruption Vulnerability - CVE-2010-3346
- Cross-Domain Information Disclosure Vulnerability - CVE-2010-3348
- Uninitialized Memory Corruption Vulnerability - CVE-2010-3962
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 6 with Windows XP SP3
- Internet Explorer 6 with Windows Pro x64 SP2
- Internet Explorer 6 with Windows Server 2003Sp2
- Internet Explorer 6 with Windows Server 2003 x64 SP2
- Internet Explorer 6 with Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows XP SP3
- Internet Explorer 7 with Windows Pro x64 SP2
- Internet Explorer 7 with Windows Server 2003 SP2
- Internet Explorer 7 with Windows Server 2003 x64 SP2
- Internet Explorer 7 with Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows Vista SP1, SP2
- Internet Explorer 7 with Windows Vista x64 SP1, SP2
- Internet Explorer 7 with Windows Server 2008, SP2
- Internet Explorer 7 with Windows Server 2008 x64, SP2
- Internet Explorer 7 with Windows Server for Itanium-based Systems, SP2
- Internet Explorer 8 with Windows XP SP3
- Internet Explorer 8 with Windows XP Pro x64 SP2
- Internet Explorer 8 with Windows Server 2003 SP2
- Internet Explorer 8 with Windows Server 2003 x64 SP2
- Internet Explorer 8 with Windows Vista SP1, SP2
- Internet Explorer 8 with Windows Vista x64 SP1, SP2
- Internet Explorer 8 with Windows Server 2008 SP1, SP2
- Internet Explorer 8 with Windows Server 2008 x64 SP1, SP2
- Internet Explorer 8 with Windows 7
- Internet Explorer 8 with Windows 7 x64
- Internet Explorer 8 with Windows Server 2008 R2 for x64
- Internet Explorer 8 with Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-090.mspx
[MS10-091] Open Type Font µå¶óÀ̹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Open Type Font µå¶óÀ̹ö¿¡ Á¸ÀçÇÏ´Â ´Ù¼öÀÇ Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È ¾÷µ¥ÀÌÆ®
¡Ø Open Type Font : MS À©µµ¿ì¿Í ¾ÖÇà MAC ¿î¿µÃ¼°è¿¡¼ »ç¿ëµÇ´Â Æ®·çŸÀÔ ÆùÆ® ÆÄÀÏ
Çü½ÄÀ» È®ÀåÇÑ ±Û²Ã ÆÄÀÏ Çü½Ä
o Open Type Font µå¶óÀ̹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Open Type font ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼
¹ß»ýÇÏ´Â ¿À·ù·Î ÀÓÀÇÀÇ ÄÚµå½ÇÇàÀÌ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- OpenType Font Index Vulnerability - CVE-2010-3956
- OpenType Font Double Free Vulnerability - CVE-2010-3957
- OpenType CMAP Table Vulnerability - CVE-2010-3959
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-091.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-091.mspx
[MS10-092] Task Scheduler Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Task Scheduler°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î
Á¦ÇÑµÈ ±ÇÇÑÀÇ °èÁ¤À¸·Î ·Î±×ÀÎÇÑ °ø°ÝÀÚ°¡ ±ÇÇÑ»ó½ÂÀ» ÅëÇØ °ü¸®ÀÚ ±ÇÇÑÀ» ȹµæÇÒ ¼ö ÀÖÀ½
o °ø°ÝÀÚ´Â ¿ø°Ý ¶Ç´Â Anonymous °èÁ¤À¸·Î °ø°ÝÇÒ ¼ö ¾øÀ¸¸ç ¹Ýµå½Ã ·ÎÄÿ¡¼ ·Î±×ÀÎµÈ »óÅÂ
¿¡¼¸¸ °ø°ÝÀÌ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Task Scheduler Vulnerability - CVE-2010-3338
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP 1, SP2
- Windows Server 2008 for 32-bit Systems, SP2*
- Windows Server 2008 for x64-based Systems, SP2*
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP 2
- Windows Server 2003 SP 2
- Windows Server 2003 x64 Edition SP 2
- Windows Server 2003 with SP2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-092.mspx
[MS10-093] Movie Maker Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows Movie Maker°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¶óÀ̺귯¸® ÆÄÀÏÀ» ·ÎµåÇÒ ¶§ ¹ß»ýÇÏ´Â ¿À·ù¸¦ ÅëÇØ
ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ø°ÝÀ» À§Çؼ´Â °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ ¶óÀ̺귯¸® ÆÄÀÏ°ú ÇÔ²² Á¤»ó Movie Maker ÆÄÀÏÀ»
µ¿ÀÏÇÑ ³×Æ®¿öÅ© µð·ºÅ͸®¿¡ À§Ä¡½ÃŲ ÈÄ, ÀÌ¿ëÀÚ°¡ Movie Maker ÆÄÀÏÀ» ¿¶÷Çϵµ·Ï À¯µµÇÔ
À¸·Î½á ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
o °ü·ÃÃë¾àÁ¡ :
- Insecure Library Loading Vulnerability - CVE-2010-3967
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP 1, SP 2
- Windows Vista x64 Edition SP 1,SP 2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP 3
- Windows XP Pro x64 SP2
- Windows XP Pro x64 Edition SP 2
- Windows Server 2003 SP 2
- Windows Server 2003 x64 SP 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems, SP 2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-093.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-093.mspx
[MS10-094] Media Encoder Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows Media Encoder°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¶óÀ̺귯¸® ÆÄÀÏÀ» ·ÎµåÇÒ ¶§ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î
ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ø°ÝÀ» À§Çؼ´Â °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ ¶óÀ̺귯¸® ÆÄÀÏ°ú ÇÔ²² Á¤»ó Windows Media Profile
ÆÄÀÏÀ» µ¿ÀÏÇÑ ³×Æ®¿öÅ© µð·ºÅ͸®¿¡ À§Ä¡½ÃŲ ÈÄ, ÀÌ¿ëÀÚ°¡ ÆÄÀÏÀ» ¿¶÷Çϵµ·Ï À¯µµÇÔÀ¸·Î½á ¿µÇâ
¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
o °ü·ÃÃë¾àÁ¡ :
- Insecure Library Loading Vulnerability - CVE-2010-3965
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-094.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-094.mspx
[MS10-095] À©µµ¿ì Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o À©µµ¿ì°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¶óÀ̺귯¸® ÆÄÀÏÀ» ·ÎµåÇÒ ¶§ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î ÀÓÀÇÀÇ ÄÚµå
½ÇÇà °¡´É
o °ø°ÝÀ» À§Çؼ´Â °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ ¶óÀ̺귯¸® ÆÄÀÏ°ú ÇÔ²² Á¤»ó E-mail(.eml),
Windows Live Mail(.rss), Mocrosoft Live Writer(.wpost) ÆÄÀÏÀ» µ¿ÀÏÇÑ ³×Æ®¿öÅ©
µð·ºÅ͸®¿¡ À§Ä¡½ÃŲ ÈÄ, ÀÌ¿ëÀÚ°¡ ÆÄÀÏÀ» ¿¶÷Çϵµ·Ï À¯µµÇÔÀ¸·Î½á ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡
´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
o °ü·ÃÃë¾àÁ¡ :
- BranchCache Insecure Library Loading Vulnerability - CVE-2010-3966
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems*
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-095.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-095.mspx
[MS10-096] Address Book Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows Address BookÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ ¶óÀ̺귯¸® ÆÄÀÏÀ» ·ÎµåÇÒ ¶§ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î
ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ø°ÝÀ» À§Çؼ´Â °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ ¶óÀ̺귯¸® ÆÄÀÏ°ú ÇÔ²² Á¤»ó Windows Address
Book ÆÄÀÏÀ» µ¿ÀÏÇÑ ³×Æ®¿öÅ© µð·ºÅ͸®¿¡ À§Ä¡½ÃŲ ÈÄ, ÀÌ¿ëÀÚ°¡ ÆÄÀÏÀ» ¿¶÷Çϵµ·Ï À¯µµÇÔ
À¸·Î½á ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
o °ü·ÃÃë¾àÁ¡ :
- Insecure Library Loading Vulnerability - CVE-2010-3147
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-096.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-096.mspx
[MS10-097] Internet Connection Signup Wizard Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Internet Connection Signup Wizard°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¶óÀ̺귯¸® ÆÄÀÏÀ» ·ÎµåÇÒ ¶§ ¹ß»ýÇÏ´Â
Ãë¾àÁ¡À¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ø°ÝÀ» À§Çؼ´Â °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ ¶óÀ̺귯¸® ÆÄÀÏ°ú ÇÔ²² .isp ÆÄÀÏÀ» µ¿ÀÏÇÑ ³×Æ®¿öÅ©
µð·ºÅ͸®¿¡ À§Ä¡½ÃŲ ÈÄ, ÀÌ¿ëÀÚ°¡ ÆÄÀÏÀ» ¿¶÷Çϵµ·Ï À¯µµÇÔÀ¸·Î½á ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ
¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
o °ü·ÃÃë¾àÁ¡ :
- Internet Connection Signup Wizard Insecure Library Loading Vulnerability - CVE-2010-3144
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-097.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-097.mspx
[MS10-098] Kernel-Mode µå¶óÀ̹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows Kernel-Mode µå¶óÀ̹ö°¡ ºÎÀûÀýÇÏ°Ô ¸Þ¸ð¸®¸¦ ÇÒ´çÇÏ´Â °úÁ¤¿¡¼ ¹ß»ýÇÏ´Â
Ãë¾àÁ¡À¸·Î °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» Á¦ÇÑµÈ ±ÇÇÑÀÇ °èÁ¤À¸·Î ·Î±×ÀÎÇÑ
»óÅ¿¡¼ ½ÇÇàÇÏ¿© ±ÇÇÑ»ó½ÂÀ» ÅëÇØ °ü¸®ÀÚ ±ÇÇÑÀ» ȹµæÇÒ ¼ö ÀÖÀ½
o °ø°ÝÀÚ´Â ¿ø°Ý ¶Ç´Â Anonymous °èÁ¤À¸·Î °ø°ÝÇÒ ¼ö ¾øÀ¸¸ç ¹Ýµå½Ã ·ÎÄÿ¡¼ ·Î±×ÀεÈ
»óÅ¿¡¼¸¸ °ø°ÝÀÌ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- TWin32k Buffer Overflow Vulnerability - CVE-2010-3939
- Win32k PFE Pointer Double Free Vulnerability - CVE-2010-3940
- Win32k Double Free Vulnerability - CVE-2010-3941
- Win32k WriteAV Vulnerability - CVE-2010-3942
- Win32k Cursor Linking Vulnerability- CVE-2010-3943
- Win32k Memory Corruption Vulnerability - CVE-2010-3944
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-098.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-098.mspx
[MS10-099] Routing ¹× Remote Access NDProxy ÄÄÆ÷³ÍÆ® Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o À©µµ¿ì Ä¿³ÎÀÇ NDProxy ÄÄÆ÷³ÍÆ®°¡ ÀÔ·ÂÀ» Á¤»óÀûÀ¸·Î ó¸®ÇÏÁö ¸øÇØ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î
°ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» Á¦ÇÑµÈ ±ÇÇÑÀÇ °èÁ¤À¸·Î ·Î±×ÀÎÇÑ »óÅ¿¡¼ ½ÇÇà
ÇÏ¿© ±ÇÇÑ»ó½ÂÀ» ÅëÇØ °ü¸®ÀÚ ±ÇÇÑÀ» ȹµæÇÒ ¼ö ÀÖÀ½
o °ø°ÝÀÚ´Â ¿ø°Ý ¶Ç´Â Anonymous °èÁ¤À¸·Î °ø°ÝÇÒ ¼ö ¾øÀ¸¸ç ¹Ýµå½Ã ·ÎÄÿ¡¼ ·Î±×ÀÎµÈ »óÅÂ
¿¡¼¸¸ °ø°ÝÀÌ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Kernel NDProxy Buffer Overflow Vulnerability - CVE-2010-3963
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based System, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-099.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-099.mspx
[MS10-100] Consent User Interface Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Consent User Interface°¡ ·¹Áö½ºÆ®¸®·ÎºÎÅÍ ÀÐÀº °ªÀ» ÀûÀýÇÏ°Ô Ã³¸®ÇÏÁö ¸øÇØ ¹ß»ýÇÏ´Â
Ãë¾àÁ¡À¸·Î °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» Á¦ÇÑµÈ ±ÇÇÑÀÇ °èÁ¤À¸·Î ·Î±×ÀÎÇÑ
»óÅ¿¡¼ ½ÇÇàÇÏ¿© °ü¸®ÀÚ±ÇÇÑÀ¸·Î ±ÇÇÑ»ó½Â
¡Ø Consent User Interface : µ¿ÀÇ È®ÀΠâ, Vista µî¿¡¼ °ü¸®ÀÚ °èÁ¤ÀÌ ÇÊ¿äÇÑ ÇÁ·Î±×·¥À»
½ÇÇàÇÒ °æ¿ì »ç¿ëÀÚ¿¡°Ô µ¿ÀǸ¦ ±¸ÇÒ ¶§ ÀÌ¿ë
o °ø°ÝÀÚ´Â ¿ø°Ý ¶Ç´Â Anonymous °èÁ¤À¸·Î °ø°ÝÇÒ ¼ö ¾øÀ¸¸ç ¹Ýµå½Ã ·ÎÄÿ¡¼ ·Î±×ÀÎµÈ »óÅÂ
¿¡¼¸¸ °ø°ÝÀÌ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Consent UI Impersonation Vulnerability - CVE-2010-3961
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-100.mspx
[MS10-101] Netlogon ¼ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼ºñ½º°ÅºÎ ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼ºñ½º°ÅºÎ »óÅ·Π¸¸µé ¼ö ÀÖÀ½
¡à ¼³¸í
o Netlogon RPC ¼ºñ½º°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ RPC ÆÐŶÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¹ß»ýÇÏ´Â °úÁ¤¿¡¼
¼ºñ½º°ÅºÎ Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ø°ÝÀÚ´Â °ø°Ý´ë»ó°ú µ¿ÀÏÇÑ µµ¸ÞÀο¡ Á¸ÀçÇÏ´Â ÀåºñÀÇ °ü¸®ÀÚ±ÇÇÑÀ» Áö´Ñ »óÅ¿¡¼¸¸ °ø°ÝÀÌ
°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Netlogon RPC Null dereference DOS Vulnerability - CVE-2010-2742
o ¿µÇâ : ¼ºñ½º°ÅºÎ
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 R2 for x64-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-101.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-101.mspx
[MS10-102] Hyper-V Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼ºñ½º°ÅºÎ ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼ºñ½º°ÅºÎ »óÅ·Π¸¸µé ¼ö ÀÖÀ½
¡à ¼³¸í
o Hyper-V°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ VMBus ÆÐŶÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¹ß»ýÇÏ´Â °úÁ¤¿¡¼ ¼ºñ½º°ÅºÎ
Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø Hyper-V : À©µµ¿ì ¼¹ö °¡»óȶó´Â À̸§À¸·Î ¾Ë·ÁÁø MSÞäÀÇ °¡»óÈ ½Ã½ºÅÛ
o °ø°ÝÀÚ´Â ¿ø°Ý ¶Ç´Â Anonymous °èÁ¤À¸·Î °ø°ÝÇÒ ¼ö ¾øÀ¸¸ç ¹Ýµå½Ã ·ÎÄÿ¡¼ ·Î±×ÀÎµÈ »óÅÂ
¿¡¼¸¸ °ø°ÝÀÌ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Hyper-V VMBus Vulnerability - CVE-2010-3960
o ¿µÇâ : ¼ºñ½º°ÅºÎ
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based
Systems SP2
- Windows Server 2008 R2 for x64-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-102.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-102.mspx
[MS10-103] MS Publisher Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà
¡à ¼³¸í
o MS Publisher°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Publisher ÆÄÀÏÀ» ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î °ø°Ý
¼º°ø½Ã ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡Ø Publisher : MS ¿ÀÇǽºÀÇ Ãß°¡ ÇÁ·Î±×·¥Áß Çϳª·Î À¥µðÀÚÀΰú ÀüÀÚÃâÆÇ ¿¹Á¦µéÀ» Á¦°ø
o °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ·Î±×ÀÎÇÑ °æ¿ì ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇÑ ¿Ïº®ÇÑ ±ÇÇÑ È¹µæ
o °ü·ÃÃë¾àÁ¡ :
- Size Value Heap Corruption in pubconv.dll Vulnerability - CVE-2010-2569
- Heap Overrun in pubconv.dll Vulnerability - CVE-2010-2570
- Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability - CVE-
2010-2571
- Microsoft Publisher Memory Corruption Vulnerability - CVE-2010-3954
- Array Indexing Memory Corruption Vulnerability - CVE-2010-3955
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2010 (32-bit editions)
- Microsoft Office 2010 (64-bit editions)
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-103.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-103.mspx
[MS10-104] MS SharePoint Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ Guest °èÁ¤ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà
¡à ¼³¸í
o MS SharePointÀÇ Document Conversions Launcher Service°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ SOAP ¿äûÀ»
ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î °ø°Ý¼º°ø½Ã Guest °èÁ¤ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå½ÇÇà °¡´É
¡Ø SharePoint : Á¤º¸ °øÀ¯, ¹®¼°ü¸® µîÀ» ÅëÇÑ °øµ¿ ÀÛ¾÷À» ÇÒ ¼ö ÀÖµµ·Ï µ½´Â MSÞäÀÇ ¼Ö·ç¼Ç
o °ü·ÃÃë¾àÁ¡ :
- Malformed Request Code Execution Vulnerability - CVE-2010-3964
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office SharePoint Server 2007 SP2 (32-bit editions)
- Microsoft Office SharePoint Server 2007 SP2 (64-bit editions)
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-104.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-104.mspx
[MS10-105] MS Office Graphics Filter Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o °ø°³µÇÁö ¾ÊÀº 7°³ÀÇ Ãë¾àÁ¡À» ÇØ°áÇÏ´Â º¸¾È¾÷µ¥ÀÌÆ®
o MS Office Graphics Filter°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁö ÆÄÀÏÀ» ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î
°ø°Ý¼º°ø½Ã ÀÓÀÇÀÇ ÄÚµå½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- CGM Image Converter Buffer Overrun Vulnerability - CVE-2010-3945
- PICT Image Converter Integer Overflow Vulnerability - CVE-2010-3946
- TIFF Image Converter Heap Overflow Vulnerability - CVE-2010-3947
- TIFF Image Converter Buffer Overflow Vulnerability - CVE-2010-3949
- TIFF Image Converter Memory Corruption Vulnerability - CVE-2010-3950
- FlashPix Image Converter Buffer Overflow Vulnerability - CVE-2010-3951
- FlashPix Image Converter Heap Corruption Vulnerability - CVE-2010-3952
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2010 (32-bit editions)
- Microsoft Office 2010 (64-bit editions)
- Microsoft Office Converter Pack
- Microsoft Works 9
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
- Open XML File Format Converter for Mac
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-105.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-105.mspx
[MS10-106] MS Exchange Server Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼ºñ½º°ÅºÎ ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼ºñ½º°ÅºÎ »óÅ·Π¸¸µé ¼ö ÀÖÀ½
¡à ¼³¸í
o MS Exchange Server°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ RPC CallÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¹ß»ýÇÏ´Â °úÁ¤¿¡¼
¼ºñ½º°ÅºÎ Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø Exchange : ÀüÀÚ¸ÞÀÏ, ÀÏÁ¤, ¿¬¶ôó °ü¸®¸¦ µµ¿ÍÁÖ´Â MSÞäÀÇ ±â¾÷ ¸Þ½Ã¡ ¹× °øµ¿ ÀÛ¾÷
¼Ö·ç¼Ç
o °ü·ÃÃë¾àÁ¡ :
- Exchange Server Infinite Loop Vulnerability - CVE-2010-3937
o ¿µÇâ : ¼ºñ½º°ÅºÎ
o Áß¿äµµ : º¸Åë
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Exchange Server 2007 SP2 for x64-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-106.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-106.mspx
¿øº» : http://www.krcert.or.kr |
