ȸ»ç¼Ò°³
ȸ»ç°³¿ä
CEO Àλ縻
°æ¿µÀÌ³ä ¹× ºñÀü
CI
¿¬Çõ
¿À½Ã´Â ±æ
³×Æ®¿öÅ©
³»ºÎ ³×Æ®¿öÅ©
¿ÜºÎ ³×Æ®¿öÅ©
¼³ºñ
Çù·Â¾÷ü
¾ð·Ðº¸µµ
ºí·çÀ¥ ±¤°í
°øÁö»çÇ×
¢º ÇöÀçÀ§Ä¡ : Ȩ > ȸ»ç¼Ò°³ > °øÁö»çÇ×

[º¸¾È] 2¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í

[MS11-003] Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É

¡à ¼³¸í
  o °ø°³µÈ Ãë¾àÁ¡ 2°³¸¦ Æ÷ÇÔÇÑ ÃÑ 4°³ÀÇ Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ À¥ÆäÀÌÁö¸¦ »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î
     ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - CSS Memory Corruption Vulnerability - CVE-2010-3971
    - Uninitialized Memory Corruption Vulnerability - CVE-2011-0035
    - Uninitialized Memory Corruption Vulnerability - CVE-2011-0036
    - Internet Explorer Insecure Library Loading Vulnerability - CVE-2011-0038
  o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
  o Áß¿äµµ : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Internet Explorer 6 with Windows XP SP3
    - Internet Explorer 6 with Windows Pro x64 SP2
    - Internet Explorer 6 with Windows Server 2003 SP2
    - Internet Explorer 6 with Windows Server 2003 x64 SP2
    - Internet Explorer 6 with Windows Server 2003 SP2 for Itanium-based Systems
    - Internet Explorer 7 with Windows XP SP3
    - Internet Explorer 7 with Windows Pro x64 SP2
    - Internet Explorer 7 with Windows Server 2003 SP2
    - Internet Explorer 7 with Windows Server 2003 x64 SP2
    - Internet Explorer 7 with Windows Server 2003 SP2 for Itanium-based Systems
    - Internet Explorer 7 with Windows Vista SP1, SP2
    - Internet Explorer 7 with Windows Vista x64 SP1, SP2
    - Internet Explorer 7 with Windows Server 2008, SP2
    - Internet Explorer 7 with Windows Server 2008 x64, SP2
    - Internet Explorer 7 with Windows Server for Itanium-based Systems, SP2
    - Internet Explorer 8 with Windows XP SP3
    - Internet Explorer 8 with Windows XP Pro x64 SP2
    - Internet Explorer 8 with Windows Server 2003 SP2
    - Internet Explorer 8 with Windows Server 2003 x64 SP2
    - Internet Explorer 8 with Windows Vista SP1, SP2
    - Internet Explorer 8 with Windows Vista x64 SP1, SP2
    - Internet Explorer 8 with Windows Server 2008 SP1, SP2
    - Internet Explorer 8 with Windows Server 2008 x64 SP1, SP2
    - Internet Explorer 8 with Windows 7
    - Internet Explorer 8 with Windows 7 x64
    - Internet Explorer 8 with Windows Server 2008 R2 for x64
    - Internet Explorer 8 with Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-003.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-003.mspx

 

[MS11-004] Internet Information Services Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
  o IIS FTP ¼­ºñ½ºÀÇ FTP ¼­¹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ FTP ¸í·ÉÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄÚµå½ÇÇàÀÌ
     °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
    ¡Ø IIS(Internet Information Services) : FTP, SMTP, NNTP, HTTP/HTTPS µîÀÇ ÇÁ·Î
        ÅäÄÝÀ» Áö¿øÇÏ´Â MSÀÇ ÀÎÅÍ³Ý Á¤º¸ ¼­ºñ½º
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ FTP ¸í·ÉÀ» Àü¼ÛÇÏ¿© ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - IIS FTP Service Heap Buffer Overrun Vulnerability - CVE-2010-3972
  o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - IIS FTP 7.0, 7.5 on Windows Vista SP1, SP2
    - IIS FTP 7.0, 7.5 on Windows Vista x64 Edition SP1, SP2
    - IIS FTP 7.0, 7.5 on Windows Server 2008 for 32-bit Systems, SP2
    - IIS FTP 7.0, 7.5 on Windows Server 2008 for x64-based Systems, SP2
    - IIS FTP 7.5 on Windows 7 for 32-bit Systems
    - IIS FTP 7.5 on Windows 7 for x64-based Systems
    - IIS FTP 7.5 on Windows Server 2008 R2 for x64-based Systems
    - IIS FTP 7.5 on Windows Server 2008 R2 for Itanium-based Systems
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - IIS FTP 5.1 on Windows XP SP3
    - IIS FTP 5.1 on Windows XP Professional x64 Edition SP2
    - IIS FTP 6.0 on Windows Server 2003 SP2
    - IIS FTP 6.0 on Windows Server 2003 x64 Edition SP2
    - IIS FTP 6.0 on Windows Server 2003 with SP2 for Itanium-based Systems
    - IIS FTP 6.0 on Windows Vista SP1, SP2
    - IIS FTP 6.0 on Windows Vista x64 Edition SP1, SP2
    - IIS FTP 6.0 on Windows Server 2008 for 32-bit Systems, SP2
    - IIS FTP 6.0 on Windows Server 2008 for x64-based Systems, SP2
    - IIS FTP 6.0 on Windows Server 2008 for Itanium-based Systems, SP2

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-004.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-004.mspx

 

[MS11-005] Active Directory Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º°ÅºÎ ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼­ºñ½º°ÅºÎ »óÅ·Π¸¸µé ¼ö ÀÖÀ½

¡à ¼³¸í
  o Active Directory ¼­¹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÐŶÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¼­ºñ½º°ÅºÎ Ãë¾àÁ¡ÀÌ ¹ß»ý
    ¡Ø Active Directory : À©µµ¿ì ¿î¿µÃ¼Á¦¿¡¼­ »ç¿ëÀÚ, »ç¿ëÀÚ ±×·ì, ³×Æ®¿÷ µ¥ÀÌÅÍ µîÀ» Çϳª·Î
       ÅëÇÕ °ü¸®ÇÏ´Â µð·ºÅ丮 ¼­ºñ½º
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÐŶÀ» Àü¼ÛÇÏ¿© ¼­ºñ½º°ÅºÎ ¹ß»ý°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - Active Directory SPN Validation Vulnerability - CVE-2011-0040
  o ¿µÇâ : ¼­ºñ½º°ÅºÎ
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Active Directory on Windows Server 2003 SP2
    - Active Directory on Windows Server 2003 x64 Edition SP2
    - Active Directory on Windows Server 2003 with SP2 for Itanium-based Systems
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - ADAM on Windows XP SP3
    - ADAM on Windows XP Professional x64 Edition SP2
    - ADAM on Windows Server 2003 SP2
    - ADAM on Windows Server 2003 x64 Edition SP2
    - AD LDS on Windows Vista SP1, SP2
    - AD LDS on Windows Vista x64 Edition SP1, SP2
    - AD, AD LDS on Windows Server 2008 for 32-bit Systems, SP2
    - AD, AD LDS on Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - AD LDS on Windows 7 for 32-bit Systems
    - AD LDS on Windows 7 for x64-based Systems
    - AD, AD LDS Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-005.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-005.mspx

 

[MS11-006] Windows Shell Graphics Processor Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É

¡à ¼³¸í
  o Windows Shell Graphics Processor°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­
     ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
    ¡Ø Windows Shell Graphics Processor : À©µµ¿ì ¿î¿µÃ¼Á¦¿¡¼­ Ž»ö±â¿¡ À̹ÌÁö
        ÆÄÀÏÀ» °£·«ÇÏ°Ô º¸¿©ÁÖ±â À§ÇØ »ç¿ëµÇ´Â ¸ðµâ
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁö ÆÄÀÏÀ» »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ
     ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - Windows Shell Graphics Processing Overrun Vulnerability - CVE-2010-3970
  o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
  o Áß¿äµµ : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-006.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-006.mspx

 

[MS11-007] OpenType Compact Font Format µå¶óÀ̹öÃë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
  o OpenType Compact Font Format µå¶óÀ̹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆùÆ®¸¦ ÀÌ¿ëÇÏ´Â °úÁ¤¿¡¼­
    ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
    ¡Ø OpenType Compact Font Format : MS À©µµ¿ì¿Í ¾ÖÇà MAC ¿î¿µÃ¼°è¿¡¼­ »ç¿ëµÇ´Â
       Æ®·çŸÀÔ ÆùÆ® ÆÄÀÏ Çü½ÄÀ» È®ÀåÇÑ ±Û²Ã ÆÄÀÏ Çü½Ä
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆùÆ®¸¦ »ç¿ëÀÚ°¡ »ç¿ëÇϵµ·Ï À¯µµÇÏ¿© ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - OpenType Font Encoded Character Vulnerability - CVE-2011-0033
  o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
  o Áß¿äµµ : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-007.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-007.mspx

 

[MS11-008] Microsoft Visio Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É

¡à ¼³¸í
  o Microsoft Visio°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Visio ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ
     Ãë¾àÁ¡ Á¸Àç
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Visio ÆÄÀÏÀ» »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î
    ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - Visio Object Memory Corruption Vulnerability - CVE-2011-0092
    - Visio Data Type Memory Corruption Vulnerability - CVE-2011-0093
  o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Microsoft Visio 2002 SP2
    - Microsoft Visio 2003 SP3
    - Microsoft Visio 2007 SP2
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - Microsoft Visio 2010 (32-bit editions)
    - Microsoft Visio 2010 (64-bit editions)
    - Microsoft Visio 2007 Viewer
    - Microsoft Visio 2010 Viewer

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-008.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-008.mspx

 

[MS11-009] JScript/VBScript Scripting ¿£Áø Ãë¾àÁ¡À¸·Î ÀÎÇÑ Á¤º¸´©Ãâ ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇÑ Á¤º¸´©Ãâ

¡à ¼³¸í
  o JScript/VBScript Scripting ¿£ÁøÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ Á¤º¸´©Ãâ
    Ãë¾àÁ¡ÀÌ ¹ß»ý
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï À¯µµÇÏ¿© Á¤º¸´©Ã⠹߻ý°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - Scripting Engines Information Disclosure Vulnerability - CVE-2011-0031
  o ¿µÇâ : Á¤º¸´©Ãâ
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-009.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-009.mspx

 

[MS11-010] Windows Client/Server Run-time Subsystem Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
  o Windows¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Client/Server Run-time
    SubsystemÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý
    ¡Ø Windows Client/Server Run-time Subsystem : Win32 ¼­ºê½Ã½ºÅÛÀÇ »ç¿ëÀÚ¸ðµå ºÎºÐÀ¸·Î
        ÄÜ¼Ö À©µµ¿ì, ½º·¹µåÀÇ »ý¼º/»èÁ¦ µî¿¡ °ü¿©Çϸç Ç×»ó ½ÇÇàµÇ¾î¾ß ÇÏ´Â ±âº»ÀûÀÎ ¼­ºê½Ã½ºÅÛ
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - CSRSS Elevation of Privilege Vulnerability - CVE-2011-0030
  o ¿µÇâ : ±ÇÇÑ»ó½Â
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-010.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-010.mspx

 

[MS11-011] Windows Kernel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
  o Windows¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Windows Kernel
     ÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - Driver Improper Interaction with Windows Kernel Vulnerability - CVE-2010-4398
    - Windows Kernel Integer Truncation Vulnerability - CVE-2011-0045
  o ¿µÇâ : ±ÇÇÑ»ó½Â
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-011.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-011.mspx

 

[MS11-012] Windows Kernel-Mode µå¶óÀ̹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
  o Windows¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Windows Kernel-Mode
    µå¶óÀ̹öÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - Win32k Improper User Input Validation Vulnerability - CVE-2011-0086
    - Win32k Insufficient User Input Validation Vulnerability - CVE-2011-0087
    - Win32k Window Class Pointer Confusion Vulnerability - CVE-2011-0088
    - Win32k Window Class Improper Pointer Validation Vulnerability - CVE-2011-0089
    - Win32k Memory Corruption Vulnerability - CVE-2011-0090
  o ¿µÇâ : ±ÇÇÑ»ó½Â
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-012.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-012.mspx

 

[MS11-013] Kerberos Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
  o Windows¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¼­ºñ½º°¡ µ¿ÀÛÇÏ´Â °úÁ¤ Áß, KerberosÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ
    »ó½ÂÀÌ ¹ß»ý
    ¡Ø Kerberos : °³¹æµÈ ÄÄÇ»ÅÍ ³×Æ®¿öÅ© ³»¿¡¼­ ¼­ºñ½º ¿ä±¸¸¦ ÀÎÁõÇϱâ À§ÇÑ ¹æ¹ý
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¼­ºñ½º¸¦ »ç¿ëÀÚ°¡ »ç¿ëÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - Kerberos Unkeyed Checksum Vulnerability - CVE-2011-0043
    - Kerberos Spoofing Vulnerability - CVE-2011-0091
  o ¿µÇâ : ±ÇÇÑ»ó½Â
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-013.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-013.mspx

 

[MS11-014] Local Security Authority Subsystem Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ·ÎÄñÇÇÑ»ó½Â ¹®Á¦

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
  o Windows¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Local Security Authority
    Subsystem ServiceÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ·ÎÄñÇÇÑ»ó½ÂÀÌ ¹ß»ý
    ¡Ø Local Security Authority Subsystem Service : ·ÎÄà º¸¾È, µµ¸ÞÀÎ ÀÎÁõ, ¿¢Æ¼ºê µð·ºÅ丮
       ¼­ºñ½º ÇÁ·Î¼¼½º µîÀ» °ü¸®Çϱâ À§ÇÑ ÀÎÅÍÆäÀ̽º¸¦ Á¦°øÇÏ´Â ¼­ºñ½º
  o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ·ÎÄñÇÇÑ»ó½Â ¹ß»ý°¡´É
  o °ü·ÃÃë¾àÁ¡ :
    - LSASS Length Validation Vulnerability - CVE-2011-0039
  o ¿µÇâ : ·ÎÄñÇÇÑ»ó½Â
  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
  o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows XP SP3
    - Windows XP Professional x64 Edition SP2
    - Windows Server 2003 SP2
    - Windows Server 2003 x64 Edition SP2
    - Windows Server 2003 with SP2 for Itanium-based Systems
  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows Vista SP1, SP2
    - Windows Vista x64 Edition SP1, SP2
    - Windows Server 2008 for 32-bit Systems, SP2
    - Windows Server 2008 for x64-based Systems, SP2
    - Windows Server 2008 for Itanium-based Systems, SP2
    - Windows 7 for 32-bit Systems
    - Windows 7 for x64-based Systems
    - Windows Server 2008 R2 for x64-based Systems
    - Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥ 
  o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
  o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-014.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-014.mspx

¿øº» : http://www.krcert.or.kr

 
ȸ»ç¼Ò°³ ¤Ó °³ÀÎÁ¤º¸Ãë±Þ¹æħ ¤Ó ȸ¿ø¾à°ü ¤Ó È£½ºÆþà°ü ¤Ó µµ¸ÞÀξà°ü ¤Ó ÀüÈ­¹øÈ£¾È³» ¤Ó »çÀÌÆ®¸Ê
¼­¿ï½Ã °­³²±¸ ¿ª»ïµ¿ 706-13¹øÁö À±Àͺôµù 10F (ÁÖ)ºí·çÀ¥ ´ëÇ¥ÀÚ : ÀåºÀ±Ù »ç¾÷ÀÚ¹øÈ£ : 106-81-85951
Åë½ÅÆǸž÷ ½Å°í¹øÈ£ : °­³² 3315È£ ¹®ÀÇÀüÈ­ : 1588-2120 FAX : 02-567-3400 E-mail : master@blueweb.co.kr
ȨÆäÀÌÁö³»¿¡¼­ °áÁ¦µÇ´Â ¼­ºñ½º¿¡ ´ëÇÑ È¯ºÒ, ¹Î¿ø µîÀº (ÁÖ)À¯´ÏÆÄÀÌ¿¡¼­ ó¸®ÇÏ¸ç ¸ðµç Ã¥ÀÓÀº (ÁÖ)À¯´ÏÆÄÀÌ¿¡ ÀÖ½À´Ï´Ù.
¹Î¿ø ´ã´çÀÚ : °í°´»ó´ã¼¾ÅÍ, 02-1588-2120
¼­ºñ½º Á¦ÈÞ/ÀÌ¿ë¹®ÀÇ : master@blueweb.co.kr
Copyright¨Ï Blueweb All rights Reserved.