Microsoft's October regular security update has been released, covering vulnerabilities including SMBv2 (MS09-050) and the IIS FTP service (MS09-053). Please apply the patches promptly.
[MS09-050] Remote code execution due to SMBv2 vulnerabilities
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in the SMBv2 module of Microsoft Windows that can cause the system to terminate abnormally or allow remote code execution while it processes SMB requests
※ Microsoft SMB (Server Message Block): the network file sharing protocol used by Microsoft Windows
※ SMBv2: a new version of the SMB protocol, implemented in the "Next Generation TCP/IP stack" introduced in Windows Vista and Windows Server 2008 to improve networking
o An attacker can send a specially crafted SMB packet to execute arbitrary remote code with system privileges
o Related vulnerabilities:
- SMBv2 Infinite Loop Vulnerability - CVE-2009-2526
- SMBv2 Command Value Vulnerability - CVE-2009-2532
- SMBv2 Negotiation Vulnerability - CVE-2009-3103
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o Non-affected software
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server x64 Edition 2003 SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-050.mspx
[MS09-051] Remote code execution due to Windows Media Runtime vulnerabilities
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in Windows Media Runtime that allows remote code execution while it processes a specially crafted media file or streaming content
※ Windows Media Runtime: the runtime library required to play media files and streaming content on Windows
o An attacker can distribute a specially crafted media file or streaming content and, by getting a user to open it, execute arbitrary remote code with the user's privileges
o Related vulnerabilities:
- Windows Media Runtime Voice Sample Rate Vulnerability - CVE-2009-0555
- Windows Media Runtime Heap Corruption Vulnerability - CVE-2009-2525
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- DirectShow WMA Voice Codec on Windows 2000 SP4
- Windows Media Audio Voice Decoder on Windows 2000 SP4
- Audio Compression Manager on Windows 2000 SP4
- DirectShow WMA Voice Codec on Windows XP SP2, SP3
- Windows Media Audio Voice Decoder on Windows XP SP2, SP3
- Audio Compression Manager on Windows XP SP2, SP3
- DirectShow WMA Voice Codec on Windows XP Professional x64 Edition SP2
- Windows Media Audio Voice Decoder on Windows XP Professional x64 Edition SP2
- Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition
on Windows XP Professional x64 Edition SP2
- Windows Media Audio Voice Decoder in Windows Media Format SDK 11 on
Windows XP Professional x64 Edition SP2
- Audio Compression Manager on Windows XP Professional x64 Edition SP2
- DirectShow WMA Voice Codec on Windows Server 2003 SP2
- Windows Media Audio Voice Decoder on Windows Server 2003 SP2
- Audio Compression Manager on Windows Server 2003 SP2
- DirectShow WMA Voice Codec on Windows Server 2003 x64 Edition SP2
- Windows Media Audio Voice Decoder on Windows Server 2003 x64 Edition SP2
- Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition
on Windows Server 2003 x64 Edition SP2
- Audio Compression Manager on Windows Server 2003 x64 Edition SP2
- Windows Media Audio Voice Decoder on Windows Vista, SP1, SP2
- Windows Media Audio Voice Decoder on Windows Vista x64 Edition, SP1, SP2
- Windows Media Audio Voice Decoder on Windows Server 2008 for 32-bit Systems, SP2
- Windows Media Audio Voice Decoder on Windows Server 2008
for x64-based Systems SP2
o Non-affected software
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-051.mspx
[MS09-052] Remote code execution due to a Windows Media Player vulnerability
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in Windows Media Player 6.4 that allows remote code execution while it processes a specially crafted ASF media file
o An attacker can distribute a specially crafted ASF media file and, by getting a user to open it, execute arbitrary remote code with the user's privileges
o Related vulnerabilities:
- WMP Heap Overflow Vulnerability - CVE-2009-2527
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- Windows Media Player 6.4 on Windows 2000 SP4
- Windows Media Player 6.4 on Windows XP SP2, SP3
- Windows Media Player 6.4 on Windows XP Pro x64 Edition SP2
- Windows Media Player 6.4 on Windows Server 2003 SP2
- Windows Media Player 6.4 on Windows Server 2003 x64 Edition SP2
o Non-affected software
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-052.mspx
[MS09-053] Remote code execution due to IIS FTP service vulnerabilities
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in the FTP service provided by IIS that can cause a denial of service or allow remote code execution while it processes a specially crafted command
※ IIS (Internet Information Services): server services such as Web and FTP provided by Microsoft
o By sending a specially crafted command to the FTP server, an attacker can cause a denial of service or execute remote code on the affected system
o Related vulnerabilities:
- IIS FTP Service DoS Vulnerability - CVE-2009-2521
- IIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023
o Impact: remote code execution
o Severity: Important
□ Affected systems
o Affected software
- IIS 5.0 (FTP 5.0) on Windows 2000 SP4
- IIS 5.1 (FTP 5.1) on Windows XP SP2, SP3
- IIS 5.1 (FTP 5.1) on Windows XP Professional x64 Edition SP2
- IIS 6.0 (FTP 6.0) on Windows Server 2003 SP2
- IIS 6.0 (FTP 6.0) on Windows Server 2003 x64 Edition SP2
- IIS 6.0 (FTP 6.0) on Windows Server 2003 with SP2 for Itanium-based Systems
- IIS 7.0 (FTP 6.0) on Windows Vista, SP1, SP2
- IIS 7.0 (FTP 6.0) on Windows Vista x64 Edition, SP1, SP2
- IIS 7.0 (FTP 6.0) on Windows Server 2008 for 32-bit Systems, SP2
- IIS 7.0 (FTP 6.0) on Windows Server 2008 for x64-based Systems, SP2
- IIS 7.0 (FTP 6.0) on Windows Server 2008 for Itanium-based Systems, SP2
o Non-affected software
- IIS 7.0 (FTP 7.5) on Windows Vista, SP1, SP2
- IIS 7.0 (FTP 7.5) on Windows Vista x64 Edition, SP1, SP2
- IIS 7.0 (FTP 7.5) on Windows Server 2008 for 32-bit Systems, SP2
- IIS 7.0 (FTP 7.5) on Windows Server 2008 for x64-based Systems, SP2
- IIS 7.5 (FTP 7.5) on Windows 7 for 32-bit Systems
- IIS 7.5 (FTP 7.5) on Windows 7 for x64-based Systems
- IIS 7.5 (FTP 7.5) on Windows Server 2008 R2 for x64-based Systems
- IIS 7.5 (FTP 7.5) on Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx
[MS09-054] Cumulative security update for Internet Explorer
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in Internet Explorer that allows remote code execution because of memory problems that arise when it accesses uninitialized memory or processes a specially crafted file
o An attacker sets up a malicious website and lures users into visiting it. If the attack succeeds, the attacker can gain full control of the affected system
o Related vulnerabilities:
- Data Stream Header Corruption Vulnerability - CVE-2009-1547
- HTML Component Handling Vulnerability - CVE-2009-2529
- Uninitialized Memory Corruption Vulnerability - CVE-2009-2530
- Uninitialized Memory Corruption Vulnerability - CVE-2009-2531
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for Itanium-based Systems
o Non-affected software
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-054.mspx
[MS09-055] Cumulative security update of ActiveX Kill Bits
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw that allows remote code execution when an ActiveX control compiled with a vulnerable version of ATL processes a specially crafted web page
※ ATL (Active Template Library): a set of template-based C++ classes that simplify COM (Component Object Model) object programming
o An attacker can publish a specially crafted web page and, by getting a user to open it, execute arbitrary remote code with the user's privileges
o Related vulnerabilities:
- ATL COM Initialization Vulnerability - CVE-2009-2493
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o Non-affected software
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-055.mspx
[MS09-056] Spoofing due to CryptoAPI vulnerabilities
□ Impact
o During authentication, an attacker can spoof an authorized certificate
※ Spoofing: an attack method in which the attacker disguises their own information as something else to gain an illegitimate advantage
□ Description
o A flaw in CryptoAPI that allows spoofing while it processes a specially crafted certificate
o An attacker can use a specially crafted certificate to bypass user authentication
o Related vulnerabilities:
- Null Truncation in X.509 Common Name Vulnerability - CVE-2009-2510
- Integer Overflow in X.509 Object Identifiers Vulnerability - CVE-2009-2511
o Impact: spoofing
o Severity: Important
□ Affected systems
o Affected software
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o Non-affected software
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx
[MS09-057] Remote code execution due to an Indexing Service vulnerability
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw that allows remote code execution through the vulnerable Indexing Service when Internet Explorer processes a specially crafted web page
※ Indexing Service: a service that indexes the contents and properties of files on local and remote computers and provides fast access to them through a query language
o An attacker can publish a specially crafted web page and, by getting a user to open it, execute arbitrary remote code with the user's privileges
o Related vulnerabilities:
- Memory Corruption in Indexing Service Vulnerability - CVE-2009-2507
o Impact: remote code execution
o Severity: Important
□ Affected systems
o Affected software
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o Non-affected software
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-057.mspx
[MS09-058] Remote code execution due to Windows kernel vulnerabilities
□ Impact
o An attacker with user privileges can execute arbitrary code in kernel mode
□ Description
o A flaw in the Windows kernel that allows privilege escalation while it processes a specially crafted application
o After obtaining user privileges, an attacker can run a specially crafted application to execute arbitrary code in kernel mode
o Related vulnerabilities:
- Windows Kernel Integer Underflow Vulnerability - CVE-2009-2515
- Windows Kernel NULL Pointer Dereference Vulnerability - CVE-2009-2516
- Windows Kernel Exception Handler Vulnerability - CVE-2009-2517
o Impact: privilege escalation
o Severity: Important
□ Affected systems
o Affected software
- Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o Non-affected software
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-058.mspx
[MS09-059] Denial of service due to an LSASS vulnerability
□ Impact
o An attacker can cause a denial of service on the affected system
□ Description
o A flaw that can cause a denial of service when LSASS processes a specially crafted packet during NTLM authentication
※ NTLM (NT LanMan): the authentication process used by the Windows NT product family
※ LSASS (Local Security Authority Subsystem Service): a service that provides an interface for managing local security, domain authentication, and Active Directory processes
o An attacker attempts the attack by sending a specially crafted packet during NTLM authentication; if the attack succeeds, a denial of service occurs on the affected system
o Related vulnerabilities:
- Local Security Authority Subsystem Service Integer Overflow Vulnerability - CVE-2009-2524
o Impact: denial of service
o Severity: Important
□ Affected systems
o Affected software
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o Non-affected software
- Windows 2000 SP4
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx
[MS09-060] Remote code execution due to MS Office ATL vulnerabilities
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in MS Office that allows remote code execution while it processes a specially crafted ATL control
※ ATL (Active Template Library): a set of template-based C++ classes that simplify COM (Component Object Model) object programming
o An attacker can distribute a specially crafted ATL control and, by getting a user to use it, execute arbitrary remote code with the user's privileges
o Related vulnerabilities:
- ATL Uninitialized Object Vulnerability - CVE-2009-0901
- ATL COM Initialization Vulnerability - CVE-2009-2493
- ATL Null String Vulnerability - CVE-2009-2495
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- Microsoft Outlook 2002 SP3 on Microsoft Office XP SP3
- Microsoft Outlook 2003 SP3 on Microsoft Office 2003 SP3
- 2007 Microsoft Office SP1, SP2
- Microsoft Office Visio 2002 Viewer
- Microsoft Office Visio 2003 Viewer
- Microsoft Office Visio Viewer 2007, SP1, SP2
o Non-affected software
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx
[MS09-061] Remote code execution due to .NET CLR vulnerabilities
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in the .NET CLR that allows remote code execution while it processes a specially crafted .NET application
※ .NET CLR (Common Language Runtime): supports building platform-independent applications in the .NET Framework
o An attacker can distribute a specially crafted .NET application and, by getting a user to run it, execute arbitrary remote code with the user's privileges
o Related vulnerabilities:
- Microsoft .NET Framework Pointer Verification Vulnerability - CVE-2009-0090
- Microsoft .NET Framework Type Verification Vulnerability - CVE-2009-0091
- Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability - CVE-2009-2497
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- .NET Framework 1.1 SP1 on Windows 2000 SP4
- .NET Framework 2.0 SP1, SP2 on Windows 2000 SP4
- .NET Framework 1.0 SP3 on Windows XP SP2, SP3
- .NET Framework 1.1 SP1 on Windows XP SP2, SP3
- .NET Framework 2.0 SP1, SP2 on Windows XP SP2, SP3
- .NET Framework 3.5, SP1 on Windows XP SP2, SP3
- .NET Framework 1.1 SP1 on Windows XP Professional x64 Edition SP2
- .NET Framework 2.0 SP1, SP2 on Windows XP Professional x64 Edition SP2
- .NET Framework 3.5, SP1 on Windows XP Professional x64 Edition SP2
- .NET Framework 1.1 SP1 on Windows Server 2003 SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2003 SP2
- .NET Framework 3.5, SP1 on Windows Server 2003 SP2
- .NET Framework 1.1 SP1 on Windows Server 2003 x64 Edition SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2003 x64 Edition SP2
- .NET Framework 3.5, SP1 on Windows Server 2003 x64 Edition SP2
- .NET Framework 1.1 SP1 on Windows Server 2003 with SP2 for Itanium-based Systems
- .NET Framework 2.0 SP1, SP2 on Windows Server 2003 with SP2 for Itanium-based
Systems
- .NET Framework 3.5, SP1 on Windows Server 2003 with SP2 for Itanium-based Systems
- .NET Framework 1.1 SP1 on Windows Vista, SP1, SP2
- .NET Framework 2.0, SP1, SP2 on Windows Vista
- .NET Framework 3.5, SP1 on Windows Vista
- .NET Framework 2.0 SP1, SP2 on Windows Vista SP1
- .NET Framework 3.5 SP1 on Windows Vista SP1
- .NET Framework 2.0 SP2 on Windows Vista SP2
- .NET Framework 1.1 SP1 on Windows Vista x64 Edition, SP1, SP2
- .NET Framework 2.0, SP1, SP2 on Windows Vista x64 Edition
- .NET Framework 3.5, SP1 on Windows Vista x64 Edition
- .NET Framework 2.0 SP1, SP2 on Windows Vista x64 Edition SP1
- .NET Framework 3.5 SP1 on Windows Vista x64 Edition SP1
- .NET Framework 2.0 SP2 on Windows Vista x64 Edition SP2
- .NET Framework 1.1 SP1 on Windows Server 2008 for 32-bit Systems, SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2008 for 32-bit Systems
- .NET Framework 3.5 SP1 on Windows Server 2008 for 32-bit Systems
- .NET Framework 2.0 SP2 on Windows Server 2008 for 32-bit Systems SP2
- .NET Framework 1.1 SP1 on Windows Server 2008 for x64-based Systems, SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2008 for x64-based Systems
- .NET Framework 3.5 SP1 on Windows Server 2008 for x64-based Systems
- .NET Framework 2.0 SP2 on Windows Server 2008 for x64-based Systems SP2
- .NET Framework 1.1 SP1 on Windows Server 2008 for Itanium-based Systems, SP2
- .NET Framework 2.0 SP1, SP2 on Windows Server 2008 for Itanium-based Systems
- .NET Framework 3.5 SP1 on Windows Server 2008 for Itanium-based Systems
- .NET Framework 2.0 SP2 on Windows Server 2008 for Itanium-based Systems SP2
- .NET Framework 1.1 SP1 on Windows 7 for 32-bit Systems
- .NET Framework 1.1 SP1 on Windows 7 for x64-based Systems
- .NET Framework 1.1 SP1 on Windows Server 2008 R2 for x64-based Systems
- .NET Framework 1.1 SP1 on Windows Server 2008 R2 for Itanium-based Systems
o Non-affected software
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-061.mspx
[MS09-062] Remote code execution due to GDI+ vulnerabilities
□ Impact
o An attacker gains full control of the affected system
□ Description
o A flaw in GDI+ that allows remote code execution while it processes a specially crafted image file
※ GDI+ (Graphical Device Interface Plus): the object-oriented class library of the .NET Framework for graphics programming
o An attacker can distribute a specially crafted image file and, by getting a user to open it, execute arbitrary remote code with the user's privileges
o Related vulnerabilities:
- GDI+ WMF Integer Overflow Vulnerability - CVE-2009-2500
- GDI+ PNG Heap Overflow Vulnerability - CVE-2009-2501
- GDI+ TIFF Buffer Overflow Vulnerability - CVE-2009-2502
- GDI+ TIFF Memory Corruption Vulnerability - CVE-2009-2503
- GDI+ .NET API Vulnerability - CVE-2009-2504
- Memory Corruption Vulnerability - CVE-2009-2528
- Office BMP Integer Overflow Vulnerability - CVE-2009-2518
o Impact: remote code execution
o Severity: Critical
□ Affected systems
o Affected software
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1
- Windows Vista x64 Edition, SP1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
- Internet Explorer 6 SP1 on Windows 2000 SP4
- .NET Framework 1.1 SP1 on Windows 2000 SP4
- .NET Framework 2.0 SP1, SP2 on Windows 2000 SP4
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- 2007 Microsoft Office SP1, SP2
- Microsoft Office Project 2002 SP1
- Microsoft Office Visio 2002 SP2
- Microsoft Office Word Viewer
- Microsoft Office Word Viewer 2003, SP3
- Microsoft Office Excel Viewer
- Microsoft Office Excel Viewer 2003 SP3
- PowerPoint Viewer 2007, SP1, SP2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File
Formats SP1, SP2
- Microsoft Expression Web and Microsoft Expression Web 2
- Microsoft Works 8.5
- SQL Server 2000 Reporting Services SP2
- SQL Server 2005 SP2, SP3
- SQL Server 2005 x64 Edition SP2, SP3
- SQL Server 2005 for Itanium-based Systems SP2, SP3
- Microsoft Visual Studio .NET 2003 SP1
- Microsoft Visual Studio 2005 SP1
- Microsoft Visual Studio 2008, SP1
- Microsoft Report Viewer 2005 SP1 Redistributable Package, SP1
- Microsoft Visual FoxPro 8.0 SP1, SP2
- Microsoft Platform SDK Redistributable: GDI+
- Microsoft Forefront Client Security 1.0
o Non-affected software
- Windows 2000 SP4
- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
- Microsoft Visio 2003 Viewer
- Microsoft Visio 2007 Viewer, SP1
- Microsoft Office SharePoint Server 2007, SP1
- Microsoft Works 9.0
- Microsoft Works Suite 2005
- Microsoft Works Suite 2006
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- SQL Server 7.0 SP4
- SQL Server 2000 SP4
- SQL Server 2000 Itanium-based Edition SP4
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2005 Express Edition Service Pack 2
□ Solution
o Apply Microsoft's vulnerability patch for the affected system
□ References
o English: http://www.microsoft.com/technet/security/Bulletin/MS09-062.mspx