[MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 9¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-09-09
³»¿ë:
Windows Media Format(MS09-047) ¹× DHTML ¿¡µðÆà ÄÄÆ÷³ÍÆ® ¾×Ƽºê¿¢½º ÄÁÆ®·Ñ
(MS09-046) µîÀÇ Ãë¾àÁ¡¿¡ ´ëÇÑ 9¿ù MS Á¤±âº¸¾È¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÇ¾úÀ¸´Ï, Á¶¼ÓÈ÷ ÆÐÄ¡
ÇϽñ⠹ٶø´Ï´Ù.
[MS09-045] JScript ½ºÅ©¸³Æà ¿£Áø Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o JScript ½ºÅ©¸³Æà ¿£ÁøÀÌ Æ¯º°ÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁöÀÇ ½ºÅ©¸³Æ®¸¦ ÀûÀýÇÏ°Ô Ã³¸®ÇÏÁö ¸øÇÏ´Â
Ãë¾àÁ¡À¸·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà°¡´É ¹®Á¦Á¡
¡Ø JScript : ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®ÀÇ ½ºÅ©¸³Æ® ¾ð¾î
o °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ·Î±×ÀÎÇÑ »ç¿ëÀÚ°¡ Ưº°ÇÏ°Ô Á¶ÀÛµÈ ÆÄÀÏÀ̳ª À¥»çÀÌÆ®¸¦ ¹æ¹®ÇÏ¿´À» °æ¿ì
°ø°ÝÀÚ´Â ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸ðµç ±ÇÇÑÀ» ȹµæ
o °ü·ÃÃë¾àÁ¡ :
- JScript Remote Code Execution Vulnerability - CVE-2009-1920
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- JScript 5.1 and JScript 5.6 on Windows 2000 SP4
- JScript 5.6 on Windows XP SP2
- JScript 5.7 with IE7 on Windows XP SP2
- JScript 5.7 on Windows XP SP3
- JScript 5.8 with IE8 on Windows XP SP2, SP3
- JScript 5.6, JScript 5.7 with IE7, JScript 5.8 with IE8 on Windows XP Pro x64 Edition SP2
- JScript 5.6, JScript 5.7 with IE7, JScript 5.8 with IE8 on Windows Server 2003 SP2
- JScript 5.6, JScript 5.7 with IE7, JScript 5.8 with IE8 on Windows Server 2003 x64 Edition
SP2
- JScript 5.6, JScript 5.7 with IE7 on Windows Server 2003 with SP2 for Itanium-based
Systems
- JScript 5.7, JScript 5.8 with IE8 on Windows Vista, SP1, SP2
- JScript 5.7, JScript 5.8 with IE8 on Windows Vista x64 Edition, SP1, SP2
- JScript 5.7, JScript 5.8 with IE8 on Windows Server 2008 for 32-bit Systems, SP2
- JScript 5.7, JScript 5.8 with IE8 on Windows Server 2008 for x64-based Systems, SP2
- JScript 5.7 on Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-045.mspx
o ÇÑ±Û :
[MS09-046] DHTML ¿¡µðÆà ÄÄÆ÷³ÍÆ® ActiveX ÄÁÆ®·Ñ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇ๮Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ·Î±×ÀÎÇÑ »ç¿ëÀÚ¿Í µ¿ÀÏÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o DHTML ¿¡µðÆà ÄÄÆ÷³ÍÆ® ¾×Ƽºê¿¢½º ÄÁÆ®·ÑÀÌ Æ¯º°ÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ÀûÀýÇÏ°Ô Ã³¸®ÇÏÁö
¸øÇÏ´Â Ãë¾àÁ¡À¸·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà°¡´É ¹®Á¦Á¡
¡Ø DHTML : Dynamic HyperText Makeup Language, À¥ ¹®¼ÀÇ ±¸¼º¿ä¼ÒµéÀ» °´Ã¼ÈÇØ
½ºÅ©¸³Æ® ¾ð¾î¸¦ ÅëÇØ µ¿ÀûÀ¸·Î Ç¥ÇöÇÏ´Â ±â¼ú
o °ø°ÝÀÚ´Â ¾ÇÀÇÀûÀÎ À¥ÆäÀÌÁö¸¦ ±¸ÃàÇÏ¿© »ç¿ëÀÚ°¡ ¹æ¹®Çϵµ·Ï ÇÔÀ¸·Î½á ¿ø°ÝÄÚµå½ÇÇàÀ» ÇÏ°í
°ø°ÝÀÌ ¼º°øÇÑ °æ¿ì ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×ÀÎµÈ »ç¿ëÀÚ¿Í µ¿ÀÏÇÑ ±ÇÇÑ È¹µæ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- DHTML Editing Component ActiveX Control Vulnerability - CVE-2009-2519
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows XP SP2 and Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1,SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64, Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-046.mspx
o ÇÑ±Û :
[MS09-047] Windows Media Format Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o MS Windows°¡ Ưº°ÇÏ°Ô Á¶ÀÛµÈ ASF, MP3 ¹Ìµð¾î ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå ½ÇÇà
¹®Á¦Á¡ ¹ß»ý
o °ø°ÝÀÚ°¡ °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ·Î±×ÀÎÇÑ »ç¿ëÀÚ¿¡ ´ëÇØ °ø°ÝÀ» ¼º°øÇÏ¿´À» °æ¿ì ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸ðµç
±ÇÇÑÀ» ȹµæÀ» ȹµæÇÏ¿© ÇÁ·Î±×·¥ÀÇ ¼³Ä¡, µ¥ÀÌÅÍÀÇ ¼öÁ¤, »èÁ¦ ¹× °èÁ¤»ý¼º µîÀ» ¼öÇàÇÒ ¼ö ÀÖÀ½
o °ü·ÃÃë¾àÁ¡ :
- Windows Media Header Parsing Invalid Free Vulnerability - CVE-2009-2498
- Windows Media Playback Memory Corruption Vulnerability - CVE-2009-2499
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Media Format Runtime 9.0 on Windows 200 SP4
- Windows Media Format Runtime 9.0, 9.5, 11 on Windows XP SP2, SP3
- Windows Media Format Runtime 9.5, 9.5 x64 Edition on Windows XP Pro x64 Edition SP2
- Windows Media Format Runtime 11 on Windows XP Pro x64 Edition SP2
- Windows Media Format Runtime 9.5 Windows Server 2003 SP2
- Windows Media Format Runtime 9.5, 9.5 x64 Edition on Windows Server 2003 x64
Edition SP2
- Windows Media Format Runtime 11 and Microsoft Media Foundation on Windows Vista,
Sp1, SP2
- Windows Media Format Runtime 11 and Microsoft Media Foundation on Windows Vista
x64 Edition, SP1, SP2
- Windows Media Format Runtime and Microsoft Media Foundation on Windows Server
2008 for 32-bit Systems, SP2
- Windows Media Format Runtime and Microsoft Media Foundation on Windows Server
2008 for x64-based Systems, SP2
- Windows Media Services 9.1 on Windows Server 2003 SP2
- Windows Media Services 9.1 on Windows Server 2003 x64 Edition SP2
- Windows Media Services 2008 on Windows Server 2008 for 32-bit Systems, SP2
- Windows Media Services 2008 on Windows Server 2008 for x64-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-047.mspx
o ÇÑ±Û :
[MS09-048] À©µµ¿ìÁî TCP/IP Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows TCP/IP ½ºÅÃÀÇ »óÅ Á¤º¸°¡ ¿Ã¹Ù¸£°Ô »èÁ¦µÇÁö ¾ÊÀ½À¸·Î½á ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ
¹®Á¦Á¡ Á¸Àç
o °ø°ÝÀڴ Ưº°ÇÏ°Ô Á¶ÀÛµÈ TCP/IP ÆÐŶÀ» ³×Æ®¿öÅ©»ó¿¡ µ¿ÀÛÇÏ´Â ¼ºñ½º·Î Àü¼ÛÇÔÀ¸·Î½á
¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæÀÌ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- TCP/IP Zero Window Size Vulnerability - CVE-2008-4609
- TCP/IP Timestamps Code Execution Vulnerability - CVE-2009-1925
- TCP/IP Orphaned Connections Vulnerability - CVE-2009-1926
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹Þ´ÂÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2*
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
o ÇÑ±Û :
[MS09-049] ¹«¼± ·£ ÀÚµ¿¼³Á¤ ¼ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o ¹«¼± ·£ ÀÚµ¿¼³Á¤ ¼ºñ½º°¡ ¹«¼± ³×Æ®¿öÅ©·ÎºÎÅÍ Æ¯º°ÇÏ°Ô Á¶ÀÛµÈ ÇÁ·¹ÀÓÀ» ºñÁ¤»óÀûÀ¸·Î
ó¸®ÇÔÀ¸·Î½á ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ ¹®Á¦°¡ Á¸Àç
o ¸¸¾à »ç¿ëÀÚ°¡ °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ·Î±×ÀÎÇØ ÀÖÀ» °æ¿ì °ø°ÝÀÌ ¼º°øÇÏ¸é °ø°ÝÀÚ´Â ¿µÇâ ¹Þ´Â
½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ °¡´É
o °ü·ÃÃë¾àÁ¡
- Wireless Frame Parsing Remote Code Execution Vulnerability - CVE-2009-1132
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
o ¿µÇâ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-049.mspx
o ÇÑ±Û :
|
