°øÁö»çÇ×
º¸¾ÈÆÐÄ¡
°áÁ¦¹æ¹ý¾È³»
¼­ºñ½º ÀÌ¿ë¾à°ü
°³ÀÎÁ¤º¸Ãë±Þ¹æÄ§
ÀÚÁÖ¹¯´ÂÁú¹®
±â¼ú°¡À̵å
¹®ÀÇÇϱâ
Á¦ ¸ñ [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 10¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-10-14
ÀÛ¼ºÀÚ Çϳª·ÎÈ£½ºÆÃ ( hosting@hhosting.co.kr ) µî·ÏÁ¤º¸ 2009-10-14 09:07:00 Á¶È¸¼ö 29063
SMBv2(MS09-050) ¹× IIS FTP ¼­ºñ½º(MS09-053) µîÀÇ Ãë¾àÁ¡¿¡ ´ëÇÑ
10¿ù MS Á¤±âº¸¾È¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÇ¾úÀ¸´Ï, Á¶¼ÓÈ÷ ÆÐÄ¡ÇϽñ⠹ٶø´Ï´Ù.

[MS09-050] SMBv2 Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Microsoft WindowsÀÇ SMBv2 ¸ðµâÀÌ SMB ¿äûÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ½Ã½ºÅÛÀÌ ºñÁ¤»óÀûÀ¸·Î
Á¾·áµÇ°Å³ª ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø Microsoft SMB (Server Message Block): Microsoft Windows¿¡¼­ »ç¿ëÇÏ´Â
³×Æ®¿öÅ© ÆÄÀÏ °øÀ¯ ÇÁ·ÎÅäÄÝ
¡Ø SMBv2 : Windows Vista¿Í Windows Server 2008¿¡¼­ ³×Æ®¿öÅ© ±â´É Çâ»óÀ» À§ÇØ µµÀÔÇÑ
"Â÷¼¼´ë TCP/IP ½ºÅÃ"¿¡ ±¸ÇöµÈ »õ·Î¿î ¹öÀüÀÇ SMB ÇÁ·ÎÅäÄÝ
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ SMB ÆÐŶÀ» Àü¼ÛÇÏ¿© ½Ã½ºÅÛ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- SMBv2 Infinite Loop Vulnerability - CVE-2009-2526
- SMBv2 Command Value Vulnerability - CVE-2009-2532
- SMBv2 Negotiation Vulnerability - CVE-2009-3103
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server x64 Edition 2003 SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-050.mspx



[MS09-051] Windows Media Runtime Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Windows Media RuntimeÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ ¹Ìµð¾î ÆÄÀÏÀ̳ª ½ºÆ®¸®¹Ö ÄÁÅÙÃ÷¸¦ ó¸®ÇÏ´Â
°úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø Windows Media Runtime : À©µµ¿ìÁî¿¡¼­ ¹Ìµð¾î ÆÄÀÏ ¹× ½ºÆ®¸®¹Ö ÄÁÅÙÃ÷¸¦ Àç»ýÇϱâ
À§ÇØ ÇÊ¿äÇÑ ·±Å¸ÀÓ ¶óÀ̺귯¸®
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¹Ìµð¾î ÆÄÀÏÀ̳ª ½ºÆ®¸®¹Ö ÄÁÅÙÃ÷¸¦ À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï
ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Windows Media Runtime Voice Sample Rate Vulnerability - CVE-2009-0555
- Windows Media Runtime Heap Corruption Vulnerability - CVE-2009-2525
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- DirectShow WMA Voice Codec on Windows 2000 SP4
- Windows Media Audio Voice Decoder on Windows 2000 SP4
- Audio Compression Manager on Windows 2000 SP4
- DirectShow WMA Voice Codec on Windows XP SP2, SP3
- Windows Media Audio Voice Decoder on Windows XP SP2, SP3
- Audio Compression Manager on Windows XP SP2, SP3
- DirectShow WMA Voice Codec on Windows XP Professional x64 Edition SP2
- Windows Media Audio Voice Decoder on Windows XP Professional x64 Edition SP2
- Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition
on Windows XP Professional x64 Edition SP2
- Windows Media Audio Voice Decoder in Windows Media Format SDK 11 on
Windows XP Professional x64 Edition SP2
- Audio Compression Manager on Windows XP Professional x64 Edition SP2
- DirectShow WMA Voice Codec on Windows Server 2003 SP2
- Windows Media Audio Voice Decoder on Windows Server 2003 SP2
- Audio Compression Manager on Windows Server 2003 SP2
- DirectShow WMA Voice Codec on Windows Server 2003 x64 Edition SP2
- Windows Media Audio Voice Decoder on Windows Server 2003 x64 Edition SP2
- Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition
on Windows Server 2003 x64 Edition SP2
- Audio Compression Manager on Windows Server 2003 x64 Edition SP2
- Windows Media Audio Voice Decoder on Windows Vista, SP1, SP2
- Windows Media Audio Voice Decoder on Windows Vista x64 Edition, SP1, SP2
- Windows Media Audio Voice Decoder on Windows Server 2008 for 32-bit Systems, SP2
- Windows Media Audio Voice Decoder on Windows Server 2008
for x64-based Systems SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-051.mspx



[MS09-052] Windows Media Player Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Windows Media Player 6.4 ¹öÀüÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ ASF ¹Ìµð¾î ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­
¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ASF ¹Ìµð¾î ÆÄÀÏÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ
±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- WMP Heap Overflow Vulnerability - CVE-2009-2527
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Media Player 6.4 on Windows 200 SP4
- Windows Media Player 6.4 on Windows XP SP2, SP3
- Windows Media Player 6.4 on Windows XP Pro x64 Edition SP2
- Windows Media Player 6.4 on Windows Server 2003 SP2
- Windows Media Player 6.4 on Windows Server 2003 x64 Edition SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-052.mspx



[MS09-053] IIS FTP ¼­ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o IIS¿¡¼­ Á¦°øÇÏ´Â FTP ¼­ºñ½º°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¸í·É¾î¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¼­ºñ½º °ÅºÎ°¡
ÀϾ°Å³ª ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø IIS (Internet Information Services) : ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»ç¿¡¼­ Á¦°øÇÏ´Â Web, FTP
µîÀÇ ¼­¹ö ¼­ºñ½º
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¸í·É¾î¸¦ FTP ¼­¹ö¿¡ Àü¼ÛÇÔÀ¸·Î½á ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ »ó¿¡¼­ ¼­ºñ½º
°ÅºÎ°¡ ÀϾ°Å³ª ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- IIS FTP Service DoS Vulnerability - CVE-2009-2521
- IIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- IIS 5.0 (FTP 5.0) on Windows 2000 SP4
- IIS 5.1 (FTP 5.1) on Windows XP SP2, SP3
- IIS 5.1 (FTP 5.1) on Windows XP Professional x64 Edition SP2
- IIS 6.0 (FTP 6.0) on Windows Server 2003 SP2
- IIS 6.0 (FTP 6.0) on Windows Server 2003 x64 Edition SP2
- IIS 6.0 (FTP 6.0) on Windows Server 2003 with SP2 for Itanium-based Systems
- IIS 7.0 (FTP 6.0) on Windows Vista, SP1, SP2
- IIS 7.0 (FTP 6.0) on Windows Vista x64 Edition, SP1, SP2
- IIS 7.0 (FTP 6.0) on Windows Server 2008 for 32-bit Systems, SP2
- IIS 7.0 (FTP 6.0) on Windows Server 2008 for x64-based Systems, SP2
- IIS 7.0 (FTP 6.0) on Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- IIS 7.0 (FTP 7.5) on Windows Vista, SP1, SP2
- IIS 7.0 (FTP 7.5) on Windows Vista x64 Edition, SP1, SP2
- IIS 7.0 (FTP 7.5) on Windows Server 2008 for 32-bit Systems, SP2
- IIS 7.0 (FTP 7.5) on Windows Server 2008 for x64-based Systems, SP2
- IIS 7.5 (FTP 7.5) on Windows 7 for 32-bit Systems
- IIS 7.5 (FTP 7.5) on Windows 7 for x64-based Systems
- IIS 7.5 (FTP 7.5) on Windows Server 2008 R2 for x64-based Systems
- IIS 7.5 (FTP 7.5) on Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx



[MS09-054] Internet Explorer ´©Àû º¸¾È¾÷µ¥ÀÌÆ®

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Internet Explorer¿¡¼­ ÃʱâÈ­µÇÁö ¾ÊÀº ¸Þ¸ð¸®¿¡ Á¢±ÙÇϰųª Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÄÀÏÀ» ó¸®ÇÏ´Â
°úÁ¤¿¡¼­ ¹ß»ýÇÏ´Â ¸Þ¸ð¸® ¹®Á¦·Î ÀÎÇÏ¿© ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
o °ø°ÝÀÚ´Â ¾ÇÀÇÀûÀÎ À¥ »çÀÌÆ®¸¦ ±¸¼ºÇÏ¿© »ç¿ëÀÚ°¡ ÇØ´ç »çÀÌÆ®¿¡ ¹æ¹®Çϵµ·Ï À¯µµÇÔ.
°ø°ÝÀÌ ¼º°øÇÏ¸é °ø°ÝÀÚ´Â ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ °¡´É
o °ü·ÃÃë¾àÁ¡
- Data Stream Header Corruption Vulnerability - CVE-2009-1547
- HTML Component Handling Vulnerability - CVE-2009-2529
- Uninitialized Memory Corruption Vulnerability - CVE-2009-2530
- Uninitialized Memory Corruption Vulnerability - CVE-2009-2531
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx



[MS09-055] ActiveX Kill Bits ´©Àû º¸¾È¾÷µ¥ÀÌÆ®

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ´Â ATLÀ» ÀÌ¿ëÇÏ¿© ÄÄÆÄÀÏµÈ ActiveX ÄÁÆ®·ÑÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦
ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø ATL (Active Template Library) : COM(Component Object Model) °´Ã¼
ÇÁ·Î±×·¡¹ÖÀ» ´Ü¼øÈ­Çϱâ À§ÇÑ ÅÛÇø´ ±â¹Ý C++ Ŭ·¡½ºÀÇ ÁýÇÕ
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ °Ô½ÃÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î
ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- ATL COM Initialization Vulnerability- CVE-2009-2493
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-055.mspx



[MS09-056] CryptoAPI Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ÀÎÁõ °úÁ¤¿¡¼­ Àΰ¡µÈ ÀÎÁõ¼­·Î ½ºÇªÇÎÀÌ °¡´ÉÇÔ
¡Ø ½ºÇªÇÎ(Spoofing) : °ø°ÝÀÚ°¡ ÀÚ½ÅÀÇ Á¤º¸¸¦ ´Ù¸¥ °ÍÀ¸·Î À§ÀåÇÏ¿© º¯Ä¢ÀûÀ¸·Î À¯¸®ÇÔÀ» ¾ò´Â
°ø°Ý ¹æ¹ý

¡à ¼³¸í
o CryptoAPI°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÀÎÁõ¼­¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ½ºÇªÇÎ °¡´ÉÇÑ ¹®Á¦Á¡
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÀÎÁõ¼­¸¦ ÀÌ¿ëÇÏ¿© »ç¿ëÀÚ ÀÎÁõÀ» ¿ìȸ °¡´ÉÇÔ
o °ü·ÃÃë¾àÁ¡ :
- Null Truncation in X.509 Common Name Vulnerability - CVE-2009-2510
- Integer Overflow in X.509 Object Identifiers Vulnerability - CVE-2009-2511
o ¿µÇâ : ½ºÇªÇÎ
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx



[MS09-057] Indexing Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Internet Explorer¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ Ãë¾àÇÑ Indexing
Service·Î ÀÎÇÏ¿© ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø Indexing Service : ·ÎÄà ¹× ¿ø°Ý ÄÄÇ»ÅÍ¿¡ ÀÖ´Â ÆÄÀÏÀÇ ³»¿ë ¹× ¼Ó¼ºÀ» À妽ÌÇϸç Äõ¸® ¾ð¾î¸¦
ÅëÇØ ÆÄÀÏÀ» ºü¸£°Ô Á¢±ÙÇϵµ·Ï ÇÏ´Â ¼­ºñ½º
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ °Ô½ÃÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î
ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Memory Corruption in Indexing Service Vulnerability - CVE-2009-2507
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-057.mspx



[MS09-058] À©µµ¿ìÁî Ä¿³Î Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ´Â Ä¿³Î ¸ðµå¿¡¼­ ÀÓÀÇÀÇ ÄÚµå ½ÇÇà

¡à ¼³¸í
o À©µµ¿ìÁî Ä¿³Î¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý °¡´ÉÇÑ
¹®Á¦Á¡
o °ø°ÝÀÚ´Â »ç¿ëÀÚ ±ÇÇÑÀ» ȹµæÇÑ ÈÄ, Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» ½ÇÇàÇÏ¿© Ä¿³Î ¸ðµå¿¡¼­
ÀÓÀÇÀÇ ÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Windows Kernel Integer Underflow Vulnerability - CVE-2009-2515
- Windows Kernel NULL Pointer Dereference Vulnerability - CVE-2009-2516
- Windows Kernel Exception Handler Vulnerability - CVE-2009-2517
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-058.mspx



[MS09-059] LSASS Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º °ÅºÎ ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼­ºñ½º °ÅºÎ À¯¹ß

¡à ¼³¸í
o NTLM ÀÎÁõ °úÁ¤ Áß, LSASS°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÐŶÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¼­ºñ½º °ÅºÎ°¡
¹ß»ý °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø NTLM (NT LanMan) : À©µµ¿ìÁî NT Á¦Ç°±º¿¡ ÀÇÇØ ÀÌ¿ëµÇ´Â ÀÎÁõ ÇÁ·Î¼¼½º
¡Ø LSASS (Local Security Authority Subsystem Service) : ·ÎÄà º¸¾È, µµ¸ÞÀÎ ÀÎÁõ ¹×
Active Directory ÇÁ·Î¼¼½º¸¦ °ü¸®Çϱâ À§ÇÑ ÀÎÅÍÆäÀ̽º¸¦ Á¦°øÇÏ´Â ¼­ºñ½º
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÐŶÀ» NTLM ÀÎÁõ °úÁ¤ Áß Àü¼ÛÇÏ¿© °ø°ÝÀ» ½Ãµµ, °ø°ÝÀÌ ¼º°øÇϸé
¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡¼­ ¼­ºñ½º °ÅºÎ ¹ß»ý
o °ü·ÃÃë¾àÁ¡ :
- Local Security Authority Subsystem Service Integer Overflow Vulnerability -
CVE-2009-2524
o ¿µÇâ : ¼­ºñ½º °ÅºÎ
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë


¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx



[MS09-060] MS Office ATL Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o MS Office°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ATL ÄÁÆ®·ÑÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø ATL (Active Template Library) : COM (Component Object Model) °´Ã¼
ÇÁ·Î±×·¡¹ÖÀ» ´Ü¼øÈ­Çϱâ À§ÇÑ ÅÛÇø´ ±â¹Ý C++ Ŭ·¡½ºÀÇ ÁýÇÕ
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ATL ÄÁÆ®·ÑÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ »ç¿ëÇϵµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ
±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- ATL Uninitialized Object Vulnerability - CVE-2009-0901
- ATL COM Initialization Vulnerability - CVE-2009-2493
- ATL Null String Vulnerability - CVE-2009-2495
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Outlook 2002 SP3 on Microsoft Office XP SP3
- Microsoft Outlook 2003 SP3 on Microsoft Office 2003 SP3
- 2007 Microsoft Office SP1, SP2
- Microsoft Office Visio 2002 Viewer
- Microsoft Office Visio 2003 Viewer
- Microsoft Office Visio Viewer 2007, SP1, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx



[MS09-061] .NET CLR Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o .NET CLRÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ .NET ¾îÇø®ÄÉÀ̼ÇÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà
°¡´ÉÇÑ ¹®Á¦Á¡
¡Ø .NET CLR(Common Language Runtime) : ´å³Ý ÇÁ·¹ÀÓ¿öÅ©¿¡¼­ Ç÷§Æû µ¶¸³ÀûÀÎ
¾îÇø®ÄÉÀ̼ÇÀÇ Á¦ÀÛÀ» Áö¿ø
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ .NET ¾îÇø®ÄÉÀ̼ÇÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ
±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Microsoft .NET Framework Pointer Verification Vulnerability - CVE-2009-0090
- Microsoft .NET Framework Type Verification Vulnerability - CVE-2009-0091
- Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability - CVE-2009-2497
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- .NET Framework 1.1 SP1 on Windows 2000 SP4
- .NET Framework 2.0 SP1, SP2 on Windows 2000 SP4
- .NET Framework 1.0 SP3 on Windows XP SP2, SP3
- .NET Framework 1.1 SP1 on Windows XP SP2, SP3
- .NET Framework 2.0 SP1, SP2 on Windows XP SP2, SP3
- .NET Framework 3.5, SP1 on Windows XP SP2, SP3
- .NET Framework 1.1 SP1 on Windows XP Professional x64 Edition SP2
- .NET Framework 2.0 SP1, SP2 on Windows XP Professional x64 Edition SP2
- .NET Framework 3.5, SP1 on Windows XP Professional x64 Edition SP2
- .NET Framework 1.1 SP1 on Windows Server 2003 SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2003 SP2
- .NET Framework 3.5, SP1 on Windows Server 2003 SP2
- .NET Framework 1.1 SP1 on Windows Server 2003 x64 Edition SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2003 x64 Edition SP2
- .NET Framework 3.5, SP1 on Windows Server 2003 x64 Edition SP2
- .NET Framework 1.1 SP1 on Windows Server 2003 with SP2 for Itanium-based Systems
- .NET Framework 2.0 SP1, SP2 on Windows Server 2003 with SP2 for Itanium-based
Systems
- .NET Framework 3.5, SP1 on Windows Server 2003 with SP2 for Itanium-based Systems
- .NET Framework 1.1 SP1 on Windows Vista, SP1, SP2
- .NET Framework 2.0, SP1, SP2 on Windows Vista
- .NET Framework 3.5, SP1 on Windows Vista
- .NET Framework 2.0 SP1, SP2 on Windows Vista SP1
- .NET Framework 3.5 SP1 on Windows Vista SP1
- .NET Framework 2.0 SP2 on Windows Vista SP2
- .NET Framework 1.1 SP1 on Windows Vista x64 Edition, SP1, SP2
- .NET Framework 2.0, SP1, SP2 on Windows Vista x64 Edition
- .NET Framework 3.5, SP1 on Windows Vista x64 Edition
- .NET Framework 2.0 SP1, SP2 on Windows Vista x64 Edition SP1
- .NET Framework 3.5 SP1 on Windows Vista x64 Edition SP1
- .NET Framework 2.0 SP2 on Windows Vista x64 Edition SP2
- .NET Framework 1.1 SP1 on Windows Server 2008 for 32-bit Systems, SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2008 for 32-bit Systems
- .NET Framework 3.5 SP1 on Windows Server 2008 for 32-bit Systems
- .NET Framework 2.0 SP2 on Windows Server 2008 for 32-bit Systems SP2
- .NET Framework 1.1 SP1 on Windows Server 2008 for x64-based Systems, SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2008 for x64-based Systems
- .NET Framework 3.5 SP1 on Windows Server 2008 for x64-based Systems
- .NET Framework 2.0 SP2 on Windows Server 2008 for x64-based Systems SP2
- .NET Framework 1.1 SP1 on Windows Server 2008 for for Itanium-based Systems, SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2008 for Itanium-based Systems
- .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems
- .NET Framework 2.0 SP2 on Windows Server 2008 for Itanium-based Systems SP2
- .NET Framework 1.1 SP1 on Windows 7 for 32-bit Systems
- .NET Framework 1.1 SP1 on Windows 7 for x64-based Systems
- .NET Framework 1.1 SP1 on Windows Server 2008 R2 for x64-based Systems
- .NET Framework 1.1 SP1 on Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-061.mspx



[MS09-062] GDI+ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o GDI+°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁö ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
¡Ø GDI+ (Graphical Device Interface Plus) : ±×·¡ÇÈ ÇÁ·Î±×·¡¹ÖÀ» À§ÇÑ ´å³Ý ÇÁ·¹ÀÓ¿öÅ©ÀÇ
°´Ã¼ ÁöÇâÀû Ŭ·¡½º ¶óÀ̺귯¸®
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁö ÆÄÀÏÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î
ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- GDI+ WMF Integer Overflow Vulnerability - CVE-2009-2500
- GDI+ PNG Heap Overflow Vulnerability - CVE-2009-2501
- GDI+ TIFF Buffer Overflow Vulnerability - CVE-2009-2502
- GDI+ TIFF Memory Corruption Vulnerability - CVE-2009-2503
- GDI+ .NET API Vulnerability - CVE-2009-2504
- Memory Corruption Vulnerability - CVE-2009-2528
- Office BMP Integer Overflow Vulnerability - CVE-2009-2518
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1
- Windows Vista x64 Edition, SP1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
- Internet Explorer 6 SP1 on Windows 2000 SP4
- .NET Framework 1.1 SP1 on Windows 2000 SP4
- .NET Framework 2.0 SP1, SP2 on Windows 2000 SP4
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- 2007 Microsoft Office SP1, SP2
- Microsoft Office Project 2002 SP1
- Microsoft Office Visio 2002 SP2
- Microsoft Office Word Viewer
- Microsoft Office Word Viewer 2003, SP3
- Microsoft Office Excel Viewer
- Microsoft Office Excel Viewer 2003 SP3
- PowerPoint Viewer 2007, SP1, SP2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File
Formats SP1, SP2
- Microsoft Expression Web and Microsoft Expression Web 2
- Microsoft Works 8.5
- SQL Server 2000 Reporting Services SP2
- SQL Server 2005 SP2, SP3
- SQL Server 2005 x64 Edition SP2, SP3
- SQL Server 2005 for Itanium-based Systems SP2, SP3
- Microsoft Visual Studio .NET 2003 SP1
- Microsoft Visual Studio 2005 SP1
- Microsoft Visual Studio 2008, SP1
- Microsoft Report Viewer 2005 SP1 Redistributable Package, SP1
- Microsoft Visual FoxPro 8.0 SP1, SP2
- Microsoft Platform SDK Redistributable: GDI+
- Microsoft Forefront Client Security 1.0
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 SP4
- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
- Microsoft Visio 2003 Viewer
- Microsoft Visio 2007 Viewer, SP1
- Microsoft Office SharePoint Server 2007, SP1
- Microsoft Works 9.0
- Microsoft Works Suite 2005
- Microsoft Works Suite 2006
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- SQL Server 7.0 SP4
- SQL Server 2000 SP4
- SQL Server 2000 Itanium-based Edition SP4
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2005 Express Edition Service Pack 2

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-062.mspx
ÃÑ 174 °Ç
¹øÈ£ Á¦¸ñ µî·ÏÀÏ Á¶È¸¼ö
102 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 1¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-01-13 2010-01-13 28750
101 PowerDNS Recursor Buffer Overflow Ãë¾àÁ¡ ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-01-13 2010-01-13 29384
100 Áö¿¥º¸µå(gmBoard) Ãë¾àÁ¡ ¹× ¼­ºñ½º ÁßÁö¿¡ µû¸¥ ÀÌ¿ëÀÚ ÁÖÀÇ - 2010-01-11 2010-01-11 29393
99 MS IIS ÆÄÀÏ È®ÀåÀÚ Ã³¸®¿À·ù Ãë¾àÁ¡ ÁÖÀÇ - 2009-12-29 2009-12-29 30205
98 Adobe Flash Player ¹× Air ´ÙÁß Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-12-10 2009-12-11 29763
97 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 12¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-12-09 2009-12-10 29361
96 MS IE Style Object Á¦·Îµ¥ÀÌ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇØ ÁÖÀÇ - 2009-11-24 2009-11-24 29965
95 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 11¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-11-11 2009-11-11 29348
=> [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 10¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-10-14 2009-10-14 29063
93 Adobe Reader/Acrobat ½Å±Ô Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇØ ÁÖÀÇ 2009-10-12 30326
92 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 9¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í 2009-09-09 30750
91 [MS09-039] MS WINS Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 33908
90 [MS09-040] MS Message Queuing ¼­ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â 2009-08-12 34070
89 [MS09-041] MS ¿öÅ©½ºÅ×ÀÌ¼Ç ¼­ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦ 2009-08-12 34216
88 [MS09-042] Telnet Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 34930
87 [MS09-043] MS Office Web Component Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 34507
86 [MS09-044] MS Remote Desktop Connection Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 34764
85 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 8¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-08-12 2009-08-12 34174
  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]  
1