[MS11-018] Internet Explorer 6, 7, 8 Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö ÆÄÀÏÀ» ¿¾úÀ» °æ¿ì ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ü·ÃÃë¾àÁ¡ :
- Layouts Handling Memory Corruption Vulnerability - CVE-2011-0094
- MSHTML Memory Corruption Vulnerability - CVE-2011-0346
- Frame Tag Information Disclosure Vulnerability - CVE-2011-1244
- Javascript Information Disclosure Vulnerability - CVE-2011-1245
- Object Management Memory Corruption Vulnerability - CVE-2011-1345
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 6 on Windows XP SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems SP0, SP2**
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems SP0, SP2**
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems SP0, SP2
- Internet Explorer 8 on Windows XP SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems SP0, SP2**
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems SP0, SP2**
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for x64-based Systems**
- Internet Explorer 8 on Windows Server 2008 R2 for Itanium-based Systems
¡Ø **Ç¥½ÃµÈ À©µµ¿ì¸¦ ¼¹öÄÚ¾î(Server Core)¿É¼ÇÀ¸·Î ¼³Ä¡ÇÑ °æ¿ì, ÇØ´ç Ãë¾àÁ¡¿¡ ¿µÇâÀ»
¹ÞÁö ¾ÊÀ½
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 9 on Windows Vista 32-bit SP2
- Internet Explorer 9 on Windows Vista 64-bit SP2
- Internet Explorer 9 on Windows Server 2008 for 32-bit SP2
- Internet Explorer 9 on Windows Server 2008 for 64-bit SP2
- Internet Explorer 9 on Windows 7 for 32-bit SP0, SP1
- Internet Explorer 9 on Windows 7 for 64-bit SP0, SP1
- Internet Explorer 9 on Windows Server 2008 R2 for 64-bit SP0, SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-018.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-018.mspx
[MS11-019] SMB Ŭ¶óÀ̾ðÆ® Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ SMBÀÀ´äÀ» Ŭ¶óÀ̾ðÆ®·Î º¸³¾ °æ¿ì ¿ø°Ý¿¡¼ Äڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø SMB(Server Message Block) : À©µµ¿ì ȯ°æ¿¡ »ç¿ëµÇ´Â ÆÄÀÏ/Àμâ±â °øÀ¯ ÇÁ·ÎÅäÄÝ
o °ü·ÃÃë¾àÁ¡ :
- Browser Pool Corruption Vulnerability - CVE-2011-0654
- SMB Client Response Parsing Vulnerability - CVE-2011-0660
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems SP0, SP2
- Windows Server 2008 for x64-based Systems SP0, SP2
- Windows Server 2008 for Itanium-based Systems SP0, SP2
- Windows 7 for 32-bit SP0, SP1
- Windows 7 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-019.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-019.mspx
[MS11-020] SMB ¼¹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ SMBÆÐŶÀ» ¼¹ö·Î º¸³¾ °æ¿ì ¿ø°Ý¿¡¼ Äڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø SMB(Server Message Block) : À©µµ¿ì ȯ°æ¿¡ »ç¿ëµÇ´Â ÆÄÀÏ/Àμâ±â °øÀ¯ ÇÁ·ÎÅäÄÝ
o °ü·ÃÃë¾àÁ¡ :
- SMB Transaction Parsing Vulnerability - CVE-2011-0661
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems SP0, SP2
- Windows Server 2008 for x64-based Systems SP0, SP2
- Windows Server 2008 for Itanium-based Systems SP0, SP2
- Windows 7 for 32-bit SP0, SP1
- Windows 7 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-020.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-020.mspx
[MS11-021] Microsoft Excel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ »ç¿ëÀÚ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ Excel ÆÄÀÏÀ» ¿¾úÀ» °æ¿ì ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- Excel Integer Overrun Vulnerability - CVE-2011-0097
- Excel Heap Overflow Vulnerability - CVE-2011-0098
- Excel Record Parsing WriteAV Vulnerability - CVE-2011-0101
- Excel Memory Corruption Vulnerability - CVE-2011-0103
- Excel Buffer Overwrite Vulnerability - CVE-2011-0104
- Excel Data Initialization Vulnerability - CVE-2011-0105
- Excel Array Indexing Vulnerability - CVE-2011-0978
- Excel Linked List Corruption Vulnerability - CVE-2011-0979
- Excel Dangling Pointer Vulnerability - CVE-2011-0980
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2010 for 32-bit editions, 64-bit editions
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office 2011 for Mac
- Open XML File Format Converter for Mac
- Microsoft Excel Viewer SP2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Works 9
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-021.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-021.mspx
[MS11-022] Microsoft PowerPoint Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ »ç¿ëÀÚ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ PowerPoint ÆÄÀÏÀ» ¿¾úÀ» °æ¿ì ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- Floating Point Techno-color Time Bandit RCE Vulnerability - CVE-2011-0655
- Persist Directory RCE Vulnerability - CVE-2011-0656
- OfficeArt Atom RCE Vulnerability - CVE-2011-0976
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2010 for 32-bit editions, 64-bit editions
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office 2011 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Service Pack 2
- Microsoft PowerPoint Viewer 2007 SP2
- Microsoft PowerPoint Viewer
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Works 9
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-022.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-022.mspx
[MS11-023] Microsoft Office Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ »ç¿ëÀÚ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ Office ÆÄÀÏÀ» ¿¾úÀ» °æ¿ì ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- Office Component Insecure Library Loading Vulnerability - CVE-2011-0107
- Microsoft Office Graphic Object Dereferencing Vulnerability - CVE-2011-0977
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Office 2010 for 32-bit editions, 64-bit editions
- Microsoft Office XP SP3
- Microsoft Office for Mac 2011
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2
- Microsoft Word Viewer
- Microsoft Excel Viewer SP2
- Microsoft PowerPoint Viewer SP2
- Microsoft Visio 2007 Viewer SP2
- Microsoft Visio 2010 Viewer
- Microsoft Works 9
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-023.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-023.mspx
[MS11-024] Microsoft Fax Cover Page Editor Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ »ç¿ëÀÚ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ Æѽº Ç¥ÁöÆäÀÌÁö ÆÄÀÏ(.cov)À» ¿¾úÀ» °æ¿ì ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- Fax Cover Page Editor Memory Corruption Vulnerability - CVE-2010-3974
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems and Windows Server 2008
for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008
for Itanium-based Systems SP2
- Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems SP1
- Windows 7 for x64-based Systems and Windows 7 for x64-based Systems SP1
- Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2
for x64-based Systems SP1
- Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2
for Itanium-based Systems SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-024.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-024.mspx
[MS11-025] Microsoft Foundation Class Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ »ç¿ëÀÚ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o MFC¸¦ »ç¿ëÇϴ ƯÁ¤ ÀÀ¿ë ÇÁ·Î±×·¥ ¶Ç´Â Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÄÀÏÀ» ¿¾úÀ» °æ¿ì ¿ø°ÝÄÚµå½ÇÇà
Ãë¾àÁ¡ÀÌ Á¸Àç
¡Ø Microsoft Foundation Class (MFC) : MS À©µµ¿ì ÇÁ·Î±×·¡¹ÖÀ» À§ÇÑ ÀÀ¿ëÇÁ·Î±×·¥
ÇÁ·¹ÀÓ¿öÅ© ¶óÀ̺귯¸®
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- MFC Insecure Library Loading Vulnerability - CVE-2010-3190
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Visual Studio .NET 2003 SP1
- Microsoft Visual Studio 2005 SP1
- Microsoft Visual Studio 2008 SP1
- Microsoft Visual Studio 2010
- Microsoft Visual C++ 2005 SP1 Redistributable Package
- Microsoft Visual C++ 2008 SP1 Redistributable Package
- Microsoft Visual C++ 2010 Redistributable Package
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-025.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-025.mspx
[MS11-026] MHTML Ãë¾àÁ¡À¸·Î ÀÎÇÑ Á¤º¸À¯Ãâ ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛÀ¸·ÎºÎÅÍ Á¤º¸¸¦ À¯ÃâÇÒ ¼ö ÀÖÀ½
¡à ¼³¸í
o À¥»çÀÌÆ®¿¡ »ðÀÔµÈ Á¶ÀÛµÈ ¸µÅ©¸¦ Ŭ¸¯ÇÒ °æ¿ì MHTML ÀÀ´äó¸® ¹æ½ÄÀÇ ¹®Á¦·Î ÀÎÇØ Á¤º¸À¯Ãâ
Ãë¾àÁ¡ ¹ß»ý
¡Ø MHTML : MHTML À¥ÆäÀÌÁö°¡ ÂüÁ¶ÇÏ´Â º°µµÀÇ ÆÄÀÏ(±×¸², À½¼º µî)À» ÀÎÄÚµùÇÏ¿© ÇØ´ç
À¥ÆäÀÌÁö ÆÄÀÏ¿¡ Æ÷ÇÔ½ÃŲ ±â¼ú
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- MFC Insecure Library Loading Vulnerability - CVE-2010-3190
o ¿µÇâ : Á¤º¸À¯Ãâ
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Visual Studio .NET 2003 Service Pack 1
- Microsoft Visual Studio 2005 Service Pack 1
- Microsoft Visual Studio 2008 Service Pack 1
- Microsoft Visual Studio 2010
- Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package
- Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package
- Microsoft Visual C++ 2010 Redistributable Package
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-026.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-026.mspx
[MS11-027] ActiveX Kill Bits º¸¾È ¾÷µ¥ÀÌÆ®
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ¿¾úÀ» °æ¿ì ƯÁ¤ ActiveX¸¦ »ç¿ëÇÏ¿© ¿ø°Ý¿¡¼ Äڵ尡
½ÇÇà µÉ ¼ö ÀÖÀ½
o ÇØ´ç ¾÷µ¥ÀÌÆ®´Â 3°¡Áö ActiveX¿¡ ´ëÇÑ Kill BitsÀ» Àû¿ëÇÔ
¡Ø ActiveX Kill Bits : ÀÎÅÍ³Ý ÀͽºÇ÷η¯¿¡¼ ƯÁ¤ ActiveXÄÁÆ®·Ñ ½ÇÇàÀ» ÁßÁö½ÃÅ°´Â ±â´É
o °ü·ÃÃë¾àÁ¡ :
- Microsoft Internet Explorer 8 Developer Tools Vulnerability - CVE-2010-0811
- Microsoft WMITools ActiveX Control Vulnerability - CVE-2010-3973
- Microsoft Windows Messenger ActiveX Control Vulnerability - CVE-2011-1243
o ¿µÇâ : ¿ø°ÝÄÚµå ½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems SP0, SP2
- Windows Server 2008 for x64-based Systems SP0, SP2
- Windows Server 2008 for Itanium-based Systems SP0, SP2
- Windows 7 for 32-bit SP0, SP1
- Windows 7 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-027.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-027.mspx
[MS11-028] .NET Framework Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o XBAPsÀ¸·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ¿¾úÀ» °æ¿ì ¿ø°Ý¿¡¼ Äڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø .NET Framework : À©µµ¿ì ÇÁ·Î±×·¥ °³¹ß ¹× ½ÇÇà ȯ°æ
¡Ø XBAPs(XAML Browser Applications) : À¥ ºê¶ó¿ìÀú¿¡¼ ½ÇÇàµÇ´Â WPF(Windows Presentation Foundation) ÀÀ¿ë ÇÁ·Î±×·¥
o °ü·ÃÃë¾àÁ¡ :
- SMB Transaction Parsing Vulnerability - CVE-2011-0661
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- .NET Framework 2.0 SP2, .NET Framework 3.5 SP1
¡¤ Windows XP SP3
¡¤ Windows XP Professional x64 Edition SP2
¡¤ Windows Server 2003 SP2
¡¤ Windows Server 2003 x64 Edition SP2
¡¤ Windows Server 2003 with SP2 for Itanium-based Systems
¡¤ Windows Vista SP1, SP2
¡¤ Windows Vista x64 Edition SP1, SP2
¡¤ Windows Server 2008 for 32-bit Systems SP0, SP1**
¡¤ Windows Server 2008 for x64-based Systems SP0, SP2**
¡¤ Windows Server 2008 for Itanium-based Systems SP2
- .NET Framework 3.5.1
¡¤ Windows 7 for 32-bit Systems SP0, SP1
¡¤ Windows 7 for x64-based Systems SP0, SP1
¡¤ Windows Server 2008 R2 for x64-based Systems SP0, SP1
¡¤ Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
- .NET Framework 4.0
¡¤ Windows XP SP3
¡¤ Windows XP Professional x64 Edition SP2
¡¤ Windows Server 2003 SP2
¡¤ Windows Server 2003 x64 Edition SP2
¡¤ Windows Server 2003 with SP2 for Itanium-based Systems
¡¤ Windows Vista SP1, SP2
¡¤ Windows Vista x64 Edition SP1, SP2
¡¤ Windows Server 2008 for 32-bit Systems SP0, SP1**
¡¤ Windows Server 2008 for x64-based Systems SP0, SP2**
¡¤ Windows Server 2008 for Itanium-based Systems SP2
¡¤ Windows 7 for 32-bit Systems SP0, SP1
¡¤ Windows 7 for x64-based Systems SP0, SP1
¡¤ Windows Server 2008 R2 for x64-based Systems SP0, SP1
¡¤ Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡Ø **Ç¥½ÃµÈ À©µµ¿ì¸¦ ¼¹öÄÚ¾î(Server Core)¿É¼ÇÀ¸·Î ¼³Ä¡ÇÑ °æ¿ì, ÇØ´ç Ãë¾àÁ¡¿¡ ¿µÇâÀ»
¹ÞÁö ¾ÊÀ½
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-028.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-028.mspx
[MS11-029] GDI+ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁöÆÄÀÏÀ» ¿¾îº¼ °æ¿ì ¿ø°Ý¿¡¼ Äڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ü·ÃÃë¾àÁ¡ :
- GDI+ Integer Overflow Vulnerability - CVE-2011-0041
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems SP0, SP2**
- Windows Server 2008 for x64-based Systems SP0, SP2**
- Windows Server 2008 for Itanium-based Systems SP0, SP2
- Microsoft Office XP SP3
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems SP0, SP1
- Windows 7 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2010 32-bit, 64-bit editions
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-029.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-029.mspx
[MS11-030] DNS Resolution Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ LLMNR ºê·Îµåij½ºÆ® Äõ¸®¸¦ º¸³¾ °æ¿ì ¿ø°Ý¿¡¼ Äڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ
¹ß»ý
¡Ø LLMNR(Link-local Multicast Name Resolution) : ·ÎÄó×Æ®¿öÅ© ³» Á¸ÀçÇϴ ȣ½ºÆ® À̸§
È®Àο¡ ¾²ÀÌ´Â DNSÆÐŶ Çü½Ä ±â¹Ý ÇÁ·ÎÅäÄÝ
o °ü·ÃÃë¾àÁ¡ :
- DNS Query Vulnerability - CVE-2011-0657
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems SP0, SP2
- Windows Server 2008 for x64-based Systems SP0, SP2
- Windows Server 2008 for Itanium-based Systems SP0, SP2
- Windows 7 for 32-bit SP0, SP1
- Windows 7 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-030.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-030.mspx
[MS11-031] JScript, VBScript ¿£Áø Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ¹æ¹®ÇÒ °æ¿ì ¿ø°Ý¿¡¼ Äڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø JScript : ÀÎÅÍ³Ý ÀͽºÇ÷η¯¿¡ »ç¿ëÇÏ´Â ½ºÅ©¸³Æà ¾ð¾î
¡Ø VBScript : ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®°¡ °³¹ßÇÑ ¾×Ƽºê ½ºÅ©¸³Æ® ¾ð¾î
o °ü·ÃÃë¾àÁ¡ :
- Scripting Memory Reallocation Vulnerability - CVE-2011-0663
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- JScript 5.6, VBScript 5.6
¡¤ Windows XP Professional x64 Edition SP2
¡¤ Windows Server 2003 SP2
¡¤ Windows Server 2003 x64 Edition SP2
¡¤ Windows Server 2003 with SP2 for Itanium-based Systems
- JScript 5.7, VBScript 5.7
¡¤ Windows XP SP3
¡¤ Windows XP Professional x64 Edition SP2
¡¤ Windows Server 2003 SP2
¡¤ Windows Server 2003 x64 Edition SP2
¡¤ Windows Server 2003 with SP2 for Itanium-based Systems
¡¤ Windows Vista SP1, SP2
¡¤ Windows Vista x64 Edition SP1, SP2
¡¤ Windows Server 2008 for 32-bit Systems SP0, SP2**
¡¤ Windows Server 2008 for x64-based Systems SP0, SP2**
¡¤ Windows Server 2008 for Itanium-based Systems SP2
- JScript 5.8, VBScript 5.8
¡¤ Windows XP SP3
¡¤ Windows XP Professional x64 Edition SP2
¡¤ Windows Server 2003 SP2
¡¤ Windows Server 2003 x64 Edition SP2
¡¤ Windows Vista SP1, SP2
¡¤ Windows Vista x64 Edition SP1, SP2
¡¤ Windows Server 2008 for 32-bit Systems SP0, SP2**
¡¤ Windows Server 2008 for x64-based Systems SP0, SP2**
¡¤ Windows 7 for 32-bit Systems SP0, SP1
¡¤ Windows 7 for x64-based Systems SP0, SP1
¡¤ Windows Server 2008 R2 for x64-based Systems SP0, SP1**
¡¤ Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡Ø **Ç¥½ÃµÈ À©µµ¿ì¸¦ ¼¹öÄÚ¾î(Server Core)¿É¼ÇÀ¸·Î ¼³Ä¡ÇÑ °æ¿ì, ÇØ´ç Ãë¾àÁ¡¿¡ ¿µÇâÀ»
¹ÞÁö ¾ÊÀ½
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- JScript 5.8 and VBScript 5.8 installed with Internet Explorer 9
¡¤ Windows Vista SP2
¡¤ Windows Vista x64 Edition SP2
¡¤ Windows Server 2008 for 32-bit Systems SP2
¡¤ Windows Server 2008 for x64-based Systems SP2
¡¤ Windows 7 for 32-bit Systems SP0, SP1
¡¤ Windows 7 for x64-based Systems SP0, SP2
¡¤ Windows Server 2008 R2 for x64-based Systems SP0, SP1
¡¤ Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-031.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-031.mspx
[MS11-032] OpenType Compact Font Format (CFF) µå¶óÀ̹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ
¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ CFF ÆùÆ®¸¦ ·£´õ¸µ ÇÒ °æ¿ì ¿ø°Ý¿¡¼ Äڵ尡 ½ÇÇàµÇ´Â Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø OpenType Compact Font Format (CFF) : À©µµ¿ì¿Í ¸ÅŲÅä½Ã ¿î¿µÃ¼Á¦¿¡¼ »ç¿ëµÇ´Â
È®Àå ±Û²Ã ÆÄÀÏ Çü½Ä
o °ü·ÃÃë¾àÁ¡ :
-OpenType Font Stack Overflow Vulnerability - CVE-2011-0034
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems SP0, SP2
- Windows Server 2008 for x64-based Systems SP0, SP2
- Windows Server 2008 for Itanium-based Systems SP0, SP2
- Windows 7 for 32-bit SP0, SP1
- Windows 7 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for x64-based Systems SP0, SP1
- Windows Server 2008 R2 for Itanium-based Systems SP0, SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-032.mspx
[MS11-033] WordPad Text Converters Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ »ç¿ëÀÚ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o »ç¿ëÀÚ°¡ ¿öµåÆе带 ÅëÇÏ¿© Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÄÀÏÀ» ¿¾úÀ» °æ¿ì ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ¹ß»ý
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- WordPad Converter Parsing Vulnerability - CVE-2011-0028
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems and Windows Server 2008
for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008
for Itanium-based Systems SP2
- Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems SP1
- Windows 7 for x64-based Systems and Windows 7 for x64-based Systems SP1
- Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2
for x64-based Systems SP1
- Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2
for Itanium-based Systems SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-033.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-033.mspx
[MS11-034] Windows Kernel-Mode Drivers Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ »ó½Â ¹®Á¦
¡à ¿µÇâ
o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o À©µµ¿ì Ä¿³Î ¸ðµå µå¶óÀ̹ö°¡ °´Ã¼¸¦ °ü¸®ÇÏ°í À¯ÁöÇÏ´Â °úÁ¤ÀÇ ¿À·ù·Î ÀÎÇÑ ±ÇÇÑ»ó½Â
Ãë¾àÁ¡ÀÌ ¹ß»ý
o ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ·Î±×¿ÂÇÑ °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÀÀ¿ëÇÁ·Î±×·¥À» ½ÇÇàÇÏ¿© ÀÓÀÇÀÇ
ÄÚµå ½ÇÇà °¡´É
¡Ø °ø°ÝÀÚ´Â À¯È¿ÇÑ ·Î±×¿Â °èÁ¤À» °¡Áö°í ÀÖ´Â »óÅ¿¡¼ ·ÎÄÿ¡¼¸¸ °ø°ÝÀÌ °¡´ÉÇÔ.
¿ø°Ý¿¡¼ ¶Ç´Â À͸íÀÇ »ç¿ëÀڷδ °ø°ÝÀÌ ºÒ°¡´É ÇÔ
o °ü·ÃÃë¾àÁ¡ :
- Severity Ratings and Vulnerability Identifiers
- Vulnerability Type 1: Win32k Use After Free Vulnerability
- Vulnerability Type 2: Win32k Null Pointer De-reference Vulnerability
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1 and Windows Vista SP2
- Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008
for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems and Windows Server 2008
for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008
for Itanium-based Systems SP2
- Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems SP1
- Windows 7 for x64-based Systems and Windows 7 for x64-based Systems SP1
- Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2
for x64-based Systems SP1
- Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2
for Itanium-based Systems SP1
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-034.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-034.mspx
¿øº» : http://www.krcert.or.kr
|
