[MS11-001] Remote code execution due to a vulnerability in MS Windows Backup Manager
□ Impact
  o An attacker can gain complete control of an affected system
□ Description
  o The vulnerability arises because Windows Backup Manager improperly validates the path of the library files it loads
    ※ Windows Backup Manager: an administration program that supports backup, recovery and similar functions in preparation for events such as damage to the Windows operating system
  o By placing a maliciously crafted library file in the same path as the location from which Windows Backup Manager runs, an attacker can execute arbitrary remote code
  o Related vulnerability:
    - Backup Manager Insecure Library Loading Vulnerability - CVE-2010-3145
  o Impact: remote code execution
  o Severity: Important
□ Affected systems
  o Affected software
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
  o Software not affected
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
  o Apply Microsoft's vulnerability patch for the affected systems
□ References
  o English: http://www.microsoft.com/technet/security/bulletin/MS11-001.mspx
  o Korean: http://www.microsoft.com/korea/technet/security/bulletin/MS11-001.mspx
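
The insecure library loading described in MS11-001, shown as an added example that is not part of the original advisory or Microsoft's code: a simplified model of a loader that takes the first name match in an ordered directory list, beside a lookup pinned to one trusted directory and an audit for shadowing library files. The directory order, the folder names and helper.dll are constructed assumptions, not the actual Windows search order or the file involved in CVE-2010-3145.

```python
import os
import tempfile

def resolve(name, search_dirs):
    """First file matching `name` (case-insensitive) in an ordered directory list."""
    for d in search_dirs:
        try:
            entries = sorted(os.listdir(d))
        except OSError:
            continue  # a missing or unreadable directory is skipped
        for entry in entries:
            if entry.lower() == name.lower():
                return os.path.join(d, entry)
    return None

def resolve_pinned(name, trusted_dir):
    """Hardened lookup: bare file name only, one trusted directory only."""
    if not name or name in (".", "..") or any(c in name for c in "/\\:"):
        raise ValueError("library name must be a bare file name")
    return resolve(name, [trusted_dir])

def shadowing_libraries(untrusted_dir, trusted_dir, exts=(".dll",)):
    """Audit: library files in untrusted_dir whose names also exist in trusted_dir."""
    trusted = {e.lower() for e in os.listdir(trusted_dir)}
    return sorted(e.lower() for e in os.listdir(untrusted_dir)
                  if e.lower().endswith(exts) and e.lower() in trusted)

def demo():
    """Constructed layout: a data folder and a stand-in system folder."""
    with tempfile.TemporaryDirectory() as root:
        data_dir = os.path.join(root, "share")     # folder the opened file lives in
        system_dir = os.path.join(root, "system")  # stand-in for the trusted directory
        for d in (data_dir, system_dir):
            os.mkdir(d)
            open(os.path.join(d, "helper.dll"), "wb").close()
        open(os.path.join(data_dir, "report.txt"), "wb").close()
        # Unvalidated search path: the copy next to the data file is found first.
        loose = resolve("HELPER.DLL", [data_dir, system_dir])
        # Pinned lookup: only the trusted directory is consulted.
        pinned = resolve_pinned("helper.dll", system_dir)
        return (os.path.dirname(loose) == data_dir,
                os.path.dirname(pinned) == system_dir,
                shadowing_libraries(data_dir, system_dir))

if __name__ == "__main__":
    print(demo())
```
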
[MS11-002] Remote code execution due to vulnerabilities in MDAC (Microsoft Data Access Components)
□ Impact
  o An attacker can gain complete control of an affected system
□ Description
  o The vulnerability arises from a memory allocation problem while MDAC processes internal data structures
    ※ MDAC (Microsoft Data Access Components): functionality that lets client/server applications work with data sources such as databases
  o By luring a user into opening a specially crafted web page post or e-mail, an attacker can execute arbitrary remote code with the user's privileges
  o Related vulnerabilities:
    - DSN Overflow Vulnerability - CVE-2011-0026
    - ADO Record Memory Vulnerability - CVE-2011-0027
  o Impact: remote code execution
  o Severity: Critical
□ Affected systems
  o Affected software
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems
□ Solution
  o Apply Microsoft's vulnerability patch for the affected systems
□ References
  o English: http://www.microsoft.com/technet/security/Bulletin/MS11-002.mspx
  o Korean: http://www.microsoft.com/korea/technet/security/bulletin/MS11-002.mspx

Source: http://www.krcert.or.kr