°øÁö»çÇ×
º¸¾ÈÆÐÄ¡
°áÁ¦¹æ¹ý¾È³»
¼­ºñ½º ÀÌ¿ë¾à°ü
°³ÀÎÁ¤º¸Ãë±Þ¹æÄ§
ÀÚÁÖ¹¯´ÂÁú¹®
±â¼ú°¡À̵å
¹®ÀÇÇϱâ
Á¦ ¸ñ [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 12¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-12-09
ÀÛ¼ºÀÚ Çϳª·ÎÈ£½ºÆÃ ( hosting@hhosting.co.kr ) µî·ÏÁ¤º¸ 2009-12-10 11:10:00 Á¶È¸¼ö 29362
MS09-069] Local Security Authority Subsystem Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º °ÅºÎ

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛÀ» ¼­ºñ½º °ÅºÎ »óÅ À¯¹ßÇÒ ¼ö ÀÖÀ½

¡à ¼³¸í
o Local Security Authority Subsystem Service (LSASS)°¡ ¼ö½ÅµÈ ISAKMP ¿äû ¸Þ½ÃÁö¸¦
ºÎÀûÀýÇÏ°Ô Ã³¸®ÇÏ¿© ¼­ºñ½º °ÅºÎ Ãë¾àÁ¡ÀÌ ¹ß»ý
o IPsecÀ» ÅëÇØ LSASS ¼­¹ö¿¡ ÀÎÁõµÇ¾î ¿¬°áµÈ ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ISAKMP
¸Þ½ÃÁö¸¦ º¸³» CPU ÀÚ¿øÀ» ¼Òºñ½Ã۰í, ¼­ºñ½º °ÅºÎ »óŸ¦ À¯¹ßÇÒ ¼ö ÀÖÀ½
¡Ø Local Security Subsystem Authority Service (LSASS) : ·ÎÄà º¸¾È, µµ¸ÞÀÎ ÀÎÁõ ¹×
Active Directory ÇÁ·Î¼¼½º¸¦ °ü¸®Çϱâ À§ÇÑ ÀÎÅÍÆäÀ̽º¸¦ Á¦°øÇÏ´Â ¼­ºñ½º
¡Ø IPsec(Internet Protocol security) : ¾Ïȣȭ º¸¾È ¼­ºñ½º¸¦ »ç¿ëÇÏ¿© IP(Internet Protocol)
³×Æ®¿öÅ©¸¦ ÅëÇÑ ºñ°ø°³ º¸¾È Åë½ÅÀ» °¡´ÉÇÏ°Ô ÇÏ´Â °ø°³ Ç¥ÁØ ÇÁ·¹ÀÓ¿öÅ©
¡Ø Internet Security Association and Key Management Protocol (ISAKMP) : µ¶¸³ÀûÀÎ
Ű ±³È¯ ÇÁ·ÎÅäÄÝ, ¾Ïȣȭ/¹«°á¼º ¾Ë°í¸®Áò, ÀÎÁõ ¹æ¹ýÀ» Çù»óÇϱâ À§ÇÑ ÇÁ·¹ÀÓ¿öÅ©
o °ü·ÃÃë¾àÁ¡ :
- Local Security Authority Subsystem Service Resource Exhaustion Vulnerability - CVE-2009-3675
o ¿µÇâ : ¼­ºñ½º °ÅºÎ
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-069.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-069.mspx


[MS09-070] Active Directory Federation Services Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Active Directory Federation Services(ADFS)ÀÇ ¼¼¼Ç °ü¸® °ËÁõÀÇ ¹®Á¦·Î ÀÎÇÑ ½ºÇªÇÎ
Ãë¾àÁ¡ ¹× ADFS°¡ ¼³Á¤µÈ À¥ ¼­¹öÀÇ Å¬¶óÀÌ¾ðÆ® ¿äû °ËÁõ ¿À·ù·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡
o °ø°ÝÀÚ´Â SSO(single sign-on) ±â´ÉÀÌ ¼³Á¤µÈ ADFS¸¦ »ç¿ëÇÏ´Â À¥ »çÀÌÆ®¸¦ ´ë»óÀ¸·Î ´Ù¸¥
»ç¿ëÀÚ·Î À§ÀåÇÏ¿© ÇØ´ç ±ÇÇÑÀ» ȹµæ °¡´É (¼¼¼Ç ŸÀӾƿô ±âº» ¼³Á¤ °ªÀº 600ºÐ)
o °ø°ÝÀÚ´Â ADFS°¡ ¼³Á¤µÈ IIS À¥ ¼­¹ö·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ HTTP ¿äûÀ» Àü¼ÛÇÏ¿© Worker
Process Identity (WPI) ±ÇÇÑÀ¸·Î ¿ø°ÝÄÚµå½ÇÇà °¡´É
¡Ø Active Directory Federation Services (ADFS) : Windows ¹× ºñ Windows ȯ°æÀ» ºñ·ÔÇÑ
¿©·¯ Ç÷§Æû¿¡¼­ ÀÛµ¿ÇÒ ¼ö ÀÖ´Â ¶Ù¾î³­ È®À强, ÀÎÅÍ³Ý È®À强 ¹× º¸¾ÈÀ» °®Ãá ºê¶ó¿ìÀú ±â¹ÝÀÇ
ID ¾×¼¼½º ¼Ö·ç¼Ç
o °ü·ÃÃë¾àÁ¡ :
- Single Sign On Spoofing in ADFS Vulnerability - CVE-2009-2508
- Remote Code Execution in ADFS Vulnerability - CVE-2009-2509
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-070.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-070.mspx


[MS09-071] Internet Authentication Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Internet Authentication Service(IAS)¿¡¼­ ¼ö½ÅÇÑ Protected Extensible Authentication
Protocol (PEAP) ÀÎÁõ ¸Þ½ÃÁö¸¦ ó¸®ÇÒ ¶§, ƯÁ¤ ¸Þ¸ð¸® ±¸Á¶Ã¼¸¦ º¹»çÇÏ´Â °úÁ¤¿¡¼­ÀÇ ¿À·ù·Î
¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý
o IASÀÇ Microsoft Challenge Handshake Authentication Protocol version 2
(MS-CHAP v2) ÀÎÁõ ¿äû °ËÁõ ½Ã ¿À·ù·Î ÀÎÇØ ±ÇÇÑ»ó½Â Ãë¾àÁ¡ÀÌ Á¸Àç
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ PEAP ÀÎÁõ ¿äûÀ» IAS ¼­¹ö·Î º¸³» °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ Äڵ带
½ÇÇàÇÒ ¼ö ÀÖÀ½
o °ø°ÝÀÚ´Â Á¶ÀÛµÈ MS-CHAP v2 ÀÎÁõ ¿äûÀ» Àü¼ÛÇÏ¿© ƯÁ¤ Àΰ¡µÈ »ç¿ëÀÚÀÇ ±ÇÇÑÀ» ȹµæÇÏ¿©
³×Æ®¿öÅ© ÀÚ¿øÀ» Á¢±Ù °¡´ÉÇÔ
¡Ø Internet Authentication Service (IAS) : Microsoft°¡ ±¸ÇöÇÑ Remote Authentication
Dial-in User Service (RADIUS) ¼­¹ö ¹× ÇÁ¶ô½Ã·Î¼­, ¹«¼± ¹× VPN ¿¬°áÀ» ºñ·ÔÇÑ ´Ù¾çÇÑ
³×Æ®¿öÅ© ¾×¼¼½º ±ÇÇÑÀ» À§ÇÑ Áß¾ÓÈ­µÈ ¿¬°á ÀÎÁõ, ±ÇÇÑ ºÎ¿© ¹× °èÁ¤ °ü¸®¸¦ ¼öÇà ±â´ÉÀ»
Á¦°øÇÏ´Â À©µµ¿ì ¼­¹öÀÇ ±¸¼º ¿ä¼Ò
¡Ø Protected Extensible Authentication Protocol (PEAP) : ¹«¼± ÄÄÇ»ÅÍ °°Àº PEAP
Ŭ¶óÀÌ¾ðÆ®¿Í IAS ¶Ç´Â RADIUS ¼­¹ö °°Àº PEAP ÀÎÁõÀÚ °£¿¡ ¾ÏȣȭµÈ ä³ÎÀ» »ý¼º
¡Ø Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
: ÆÐ½º¿öµåÀÇ Àü¼Û ¾øÀÌ »óÈ£ ÀÎÁõÀ» Çϱâ À§ÇÑ challenge-response ÇÁ·ÎÅäÄÝ
o °ü·ÃÃë¾àÁ¡ :
- Internet Authentication Service Memory Corruption Vulnerability - CVE-2009-2505
- MS-CHAP Authentication Bypass Vulnerability - CVE-2009-3677
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-071.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-071.mspx


[MS09-072] Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Ãë¾àÇÑ Microsoft Active Template Library (ATL) Çì´õ¸¦ »ç¿ëÇØ ºôµåµÈ ActiveX ÄÁÆ®·Ñ¿¡
¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© ų(Kill) ºñÆ®¿Í °°Àº º¸¾È Á¤Ã¥À» ¿ìȸÇÒ ¼ö ÀÖ´Â ÀÓÀÇÀÇ
¿ÀºêÁ§Æ®¸¦ ÃʱâÈ­ÇÒ ¼ö ÀÖÀ½
o IE°¡ ÃʱâÈ­µÇÁö ¾Ê°Å³ª »èÁ¦µÈ ¿ÀºêÁ§Æ®¸¦ Á¢±ÙÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà
Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ø°ÝÀÚ´Â ¾ÇÀÇÀûÀÎ À¥ »çÀÌÆ®¸¦ ±¸¼ºÇÏ¿© »ç¿ëÀÚ°¡ ÇØ´ç »çÀÌÆ®¿¡ ¹æ¹®Çϵµ·Ï À¯µµÇÔ.
°ø°ÝÀÌ ¼º°øÇÏ¸é ·Î±×¿Â »ç¿ëÀÚÀÇ ±ÇÇÑ È¹µæ °¡´É
¡Ø Active Template Library (ATL) : ÀÛ°í ºü¸¥ COM(Component Object Model) °³Ã¼¸¦
¸¸µé ¼ö ÀÖ´Â ÅÛÇø´ ±â¹Ý C++ Ŭ·¡½º ÁýÇÕ

o °ü·ÃÃë¾àÁ¡ :
- ATL COM Initialization Vulnerability - CVE-2009-2493
- Uninitialized Memory Corruption Vulnerability - CVE-2009-3671
- HTML Object Memory Corruption Vulnerability - CVE-2009-3672
- Uninitialized Memory Corruption Vulnerability - CVE-2009-3673
- Uninitialized Memory Corruption Vulnerability - CVE-2009-3674
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 5.01 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, XP SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, XP SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-072.mspx


[MS09-073] WordPad¿Í OfficeÀÇ ÅØ½ºÆ® º¯È¯±â Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Microsoft WordPad¿Í Microsoft OfficeÀÇ ÅØ½ºÆ® º¯È¯±â°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Word 97 ÆÄÀÏÀ»
º¯È¯ÇÏ¿© ¿©´Â °úÁ¤¿¡¼­ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Word 97 ÆÄÀÏÀ» WordPad ¶Ç´Â
Microsoft Office Word·Î ¿­µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- WordPad and Office Text converter Memory Corruption Vulnerability - CVE-2009-2506
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Works 8.5
- Microsoft Office Converter Pack
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, Windows Vista SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
- Microsoft Office Word 2007 SP1, SP2
- Microsoft Office Word Viewer 2003 SP3
- Microsoft Office Word Viewer
- Microsoft Office Compatibility Pack SP1, SP2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Works 9

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-073.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-073.mspx


[MS09-074] Microsoft Office Project Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Microsoft Office Project°¡ Project ÆÄÀÏÀ» ¿­¾î¼­ ¸Þ¸ð¸®¿¡ ·ÎµùÇÒ ¶§, ¸Þ¸ð¸® ÇÒ´çÀ»
ÀûÀýÇÏ°Ô °ËÁõÇÏÁö ¾Ê¾Æ¼­ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Project ÆÄÀÏÀ» ¿­µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â
»ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡Ø Microsoft Project : ÇÁ·ÎÁ§Æ® °èȹÀ» ¼ö¸³ ¹× ÀÛ¾÷, ÀÏÁ¤, À繫¸¦ °ü¸®Çϱ⠽±µµ·Ï °³¹ßµÈ
ÇÁ·ÎÁ§Æ® °ü¸®¿ë ¿ÀÇǽº ¼ÒÇÁÆ®¿þ¾î
o °ü·ÃÃë¾àÁ¡ :
- Project Memory Validation Vulnerability - CVE-2009-0102
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Project 2000 Service Release 1
- Microsoft Project 2002 SP1
- Microsoft Office Project 2003 SP3
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Project Server 2003 SP3
- Microsoft Office Project 2007 SP1, SP2
- Microsoft Project Portfolio Server 2007 SP1, SP2
- Microsoft Project Server 2007 SP1, SP2

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-074.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-074.mspx
ÃÑ 174 °Ç
¹øÈ£ Á¦¸ñ µî·ÏÀÏ Á¶È¸¼ö
102 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 1¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-01-13 2010-01-13 28750
101 PowerDNS Recursor Buffer Overflow Ãë¾àÁ¡ ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-01-13 2010-01-13 29385
100 Áö¿¥º¸µå(gmBoard) Ãë¾àÁ¡ ¹× ¼­ºñ½º ÁßÁö¿¡ µû¸¥ ÀÌ¿ëÀÚ ÁÖÀÇ - 2010-01-11 2010-01-11 29393
99 MS IIS ÆÄÀÏ È®ÀåÀÚ Ã³¸®¿À·ù Ãë¾àÁ¡ ÁÖÀÇ - 2009-12-29 2009-12-29 30205
98 Adobe Flash Player ¹× Air ´ÙÁß Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-12-10 2009-12-11 29764
=> [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 12¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-12-09 2009-12-10 29362
96 MS IE Style Object Á¦·Îµ¥ÀÌ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇØ ÁÖÀÇ - 2009-11-24 2009-11-24 29965
95 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 11¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-11-11 2009-11-11 29348
94 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 10¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-10-14 2009-10-14 29063
93 Adobe Reader/Acrobat ½Å±Ô Ãë¾àÁ¡À¸·Î ÀÎÇÑ ÇÇÇØ ÁÖÀÇ 2009-10-12 30327
92 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 9¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í 2009-09-09 30750
91 [MS09-039] MS WINS Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 33908
90 [MS09-040] MS Message Queuing ¼­ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â 2009-08-12 34071
89 [MS09-041] MS ¿öÅ©½ºÅ×ÀÌ¼Ç ¼­ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦ 2009-08-12 34216
88 [MS09-042] Telnet Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 34930
87 [MS09-043] MS Office Web Component Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 34507
86 [MS09-044] MS Remote Desktop Connection Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ 2009-08-12 34765
85 [MS º¸¾È¾÷µ¥ÀÌÆ®]2009³â 8¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2009-08-12 2009-08-12 34175
  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]  
1