MS09-069] Local Security Authority Subsystem Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼ºñ½º °ÅºÎ
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛÀ» ¼ºñ½º °ÅºÎ »óÅ À¯¹ßÇÒ ¼ö ÀÖÀ½
¡à ¼³¸í
o Local Security Authority Subsystem Service (LSASS)°¡ ¼ö½ÅµÈ ISAKMP ¿äû ¸Þ½ÃÁö¸¦
ºÎÀûÀýÇÏ°Ô Ã³¸®ÇÏ¿© ¼ºñ½º °ÅºÎ Ãë¾àÁ¡ÀÌ ¹ß»ý
o IPsecÀ» ÅëÇØ LSASS ¼¹ö¿¡ ÀÎÁõµÇ¾î ¿¬°áµÈ ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ISAKMP
¸Þ½ÃÁö¸¦ º¸³» CPU ÀÚ¿øÀ» ¼Òºñ½Ã۰í, ¼ºñ½º °ÅºÎ »óŸ¦ À¯¹ßÇÒ ¼ö ÀÖÀ½
¡Ø Local Security Subsystem Authority Service (LSASS) : ·ÎÄà º¸¾È, µµ¸ÞÀÎ ÀÎÁõ ¹×
Active Directory ÇÁ·Î¼¼½º¸¦ °ü¸®Çϱâ À§ÇÑ ÀÎÅÍÆäÀ̽º¸¦ Á¦°øÇÏ´Â ¼ºñ½º
¡Ø IPsec(Internet Protocol security) : ¾ÏÈ£È º¸¾È ¼ºñ½º¸¦ »ç¿ëÇÏ¿© IP(Internet Protocol)
³×Æ®¿öÅ©¸¦ ÅëÇÑ ºñ°ø°³ º¸¾È Åë½ÅÀ» °¡´ÉÇÏ°Ô ÇÏ´Â °ø°³ Ç¥ÁØ ÇÁ·¹ÀÓ¿öÅ©
¡Ø Internet Security Association and Key Management Protocol (ISAKMP) : µ¶¸³ÀûÀÎ
Ű ±³È¯ ÇÁ·ÎÅäÄÝ, ¾ÏÈ£È/¹«°á¼º ¾Ë°í¸®Áò, ÀÎÁõ ¹æ¹ýÀ» Çù»óÇϱâ À§ÇÑ ÇÁ·¹ÀÓ¿öÅ©
o °ü·ÃÃë¾àÁ¡ :
- Local Security Authority Subsystem Service Resource Exhaustion Vulnerability - CVE-2009-3675
o ¿µÇâ : ¼ºñ½º °ÅºÎ
o Á߿䵵 : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-069.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-069.mspx
[MS09-070] Active Directory Federation Services Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Active Directory Federation Services(ADFS)ÀÇ ¼¼¼Ç °ü¸® °ËÁõÀÇ ¹®Á¦·Î ÀÎÇÑ ½ºÇªÇÎ
Ãë¾àÁ¡ ¹× ADFS°¡ ¼³Á¤µÈ À¥ ¼¹öÀÇ Å¬¶óÀÌ¾ðÆ® ¿äû °ËÁõ ¿À·ù·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡
o °ø°ÝÀÚ´Â SSO(single sign-on) ±â´ÉÀÌ ¼³Á¤µÈ ADFS¸¦ »ç¿ëÇÏ´Â À¥ »çÀÌÆ®¸¦ ´ë»óÀ¸·Î ´Ù¸¥
»ç¿ëÀÚ·Î À§ÀåÇÏ¿© ÇØ´ç ±ÇÇÑÀ» ȹµæ °¡´É (¼¼¼Ç ŸÀӾƿô ±âº» ¼³Á¤ °ªÀº 600ºÐ)
o °ø°ÝÀÚ´Â ADFS°¡ ¼³Á¤µÈ IIS À¥ ¼¹ö·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ HTTP ¿äûÀ» Àü¼ÛÇÏ¿© Worker
Process Identity (WPI) ±ÇÇÑÀ¸·Î ¿ø°ÝÄÚµå½ÇÇà °¡´É
¡Ø Active Directory Federation Services (ADFS) : Windows ¹× ºñ Windows ȯ°æÀ» ºñ·ÔÇÑ
¿©·¯ Ç÷§Æû¿¡¼ ÀÛµ¿ÇÒ ¼ö ÀÖ´Â ¶Ù¾î³ È®À强, ÀÎÅÍ³Ý È®À强 ¹× º¸¾ÈÀ» °®Ãá ºê¶ó¿ìÀú ±â¹ÝÀÇ
ID ¾×¼¼½º ¼Ö·ç¼Ç
o °ü·ÃÃë¾àÁ¡ :
- Single Sign On Spoofing in ADFS Vulnerability - CVE-2009-2508
- Remote Code Execution in ADFS Vulnerability - CVE-2009-2509
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-070.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-070.mspx
[MS09-071] Internet Authentication Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Internet Authentication Service(IAS)¿¡¼ ¼ö½ÅÇÑ Protected Extensible Authentication
Protocol (PEAP) ÀÎÁõ ¸Þ½ÃÁö¸¦ ó¸®ÇÒ ¶§, ƯÁ¤ ¸Þ¸ð¸® ±¸Á¶Ã¼¸¦ º¹»çÇÏ´Â °úÁ¤¿¡¼ÀÇ ¿À·ù·Î
¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý
o IASÀÇ Microsoft Challenge Handshake Authentication Protocol version 2
(MS-CHAP v2) ÀÎÁõ ¿äû °ËÁõ ½Ã ¿À·ù·Î ÀÎÇØ ±ÇÇÑ»ó½Â Ãë¾àÁ¡ÀÌ Á¸Àç
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ PEAP ÀÎÁõ ¿äûÀ» IAS ¼¹ö·Î º¸³» °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ Äڵ带
½ÇÇàÇÒ ¼ö ÀÖÀ½
o °ø°ÝÀÚ´Â Á¶ÀÛµÈ MS-CHAP v2 ÀÎÁõ ¿äûÀ» Àü¼ÛÇÏ¿© ƯÁ¤ Àΰ¡µÈ »ç¿ëÀÚÀÇ ±ÇÇÑÀ» ȹµæÇÏ¿©
³×Æ®¿öÅ© ÀÚ¿øÀ» Á¢±Ù °¡´ÉÇÔ
¡Ø Internet Authentication Service (IAS) : Microsoft°¡ ±¸ÇöÇÑ Remote Authentication
Dial-in User Service (RADIUS) ¼¹ö ¹× ÇÁ¶ô½Ã·Î¼, ¹«¼± ¹× VPN ¿¬°áÀ» ºñ·ÔÇÑ ´Ù¾çÇÑ
³×Æ®¿öÅ© ¾×¼¼½º ±ÇÇÑÀ» À§ÇÑ Áß¾ÓÈµÈ ¿¬°á ÀÎÁõ, ±ÇÇÑ ºÎ¿© ¹× °èÁ¤ °ü¸®¸¦ ¼öÇà ±â´ÉÀ»
Á¦°øÇÏ´Â À©µµ¿ì ¼¹öÀÇ ±¸¼º ¿ä¼Ò
¡Ø Protected Extensible Authentication Protocol (PEAP) : ¹«¼± ÄÄÇ»ÅÍ °°Àº PEAP
Ŭ¶óÀÌ¾ðÆ®¿Í IAS ¶Ç´Â RADIUS ¼¹ö °°Àº PEAP ÀÎÁõÀÚ °£¿¡ ¾ÏÈ£ÈµÈ Ã¤³ÎÀ» »ý¼º
¡Ø Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
: ÆÐ½º¿öµåÀÇ Àü¼Û ¾øÀÌ »óÈ£ ÀÎÁõÀ» Çϱâ À§ÇÑ challenge-response ÇÁ·ÎÅäÄÝ
o °ü·ÃÃë¾àÁ¡ :
- Internet Authentication Service Memory Corruption Vulnerability - CVE-2009-2505
- MS-CHAP Authentication Bypass Vulnerability - CVE-2009-3677
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-071.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-071.mspx
[MS09-072] Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Ãë¾àÇÑ Microsoft Active Template Library (ATL) Çì´õ¸¦ »ç¿ëÇØ ºôµåµÈ ActiveX ÄÁÆ®·Ñ¿¡
¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© ų(Kill) ºñÆ®¿Í °°Àº º¸¾È Á¤Ã¥À» ¿ìȸÇÒ ¼ö ÀÖ´Â ÀÓÀÇÀÇ
¿ÀºêÁ§Æ®¸¦ ÃʱâÈÇÒ ¼ö ÀÖÀ½
o IE°¡ ÃʱâȵÇÁö ¾Ê°Å³ª »èÁ¦µÈ ¿ÀºêÁ§Æ®¸¦ Á¢±ÙÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà
Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ø°ÝÀÚ´Â ¾ÇÀÇÀûÀÎ À¥ »çÀÌÆ®¸¦ ±¸¼ºÇÏ¿© »ç¿ëÀÚ°¡ ÇØ´ç »çÀÌÆ®¿¡ ¹æ¹®Çϵµ·Ï À¯µµÇÔ.
°ø°ÝÀÌ ¼º°øÇÏ¸é ·Î±×¿Â »ç¿ëÀÚÀÇ ±ÇÇÑ È¹µæ °¡´É
¡Ø Active Template Library (ATL) : ÀÛ°í ºü¸¥ COM(Component Object Model) °³Ã¼¸¦
¸¸µé ¼ö ÀÖ´Â ÅÛÇø´ ±â¹Ý C++ Ŭ·¡½º ÁýÇÕ
o °ü·ÃÃë¾àÁ¡ :
- ATL COM Initialization Vulnerability - CVE-2009-2493
- Uninitialized Memory Corruption Vulnerability - CVE-2009-3671
- HTML Object Memory Corruption Vulnerability - CVE-2009-3672
- Uninitialized Memory Corruption Vulnerability - CVE-2009-3673
- Uninitialized Memory Corruption Vulnerability - CVE-2009-3674
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 5.01 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, XP SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, XP SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-072.mspx
[MS09-073] WordPad¿Í OfficeÀÇ ÅØ½ºÆ® º¯È¯±â Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Microsoft WordPad¿Í Microsoft OfficeÀÇ ÅØ½ºÆ® º¯È¯±â°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Word 97 ÆÄÀÏÀ»
º¯È¯ÇÏ¿© ¿©´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Word 97 ÆÄÀÏÀ» WordPad ¶Ç´Â
Microsoft Office Word·Î ¿µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- WordPad and Office Text converter Memory Corruption Vulnerability - CVE-2009-2506
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Works 8.5
- Microsoft Office Converter Pack
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista, Windows Vista SP1, SP2
- Windows Vista x64 Edition, SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
- Microsoft Office Word 2007 SP1, SP2
- Microsoft Office Word Viewer 2003 SP3
- Microsoft Office Word Viewer
- Microsoft Office Compatibility Pack SP1, SP2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Works 9
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-073.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-073.mspx
[MS09-074] Microsoft Office Project Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Microsoft Office Project°¡ Project ÆÄÀÏÀ» ¿¾î¼ ¸Þ¸ð¸®¿¡ ·ÎµùÇÒ ¶§, ¸Þ¸ð¸® ÇÒ´çÀ»
ÀûÀýÇÏ°Ô °ËÁõÇÏÁö ¾Ê¾Æ¼ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Project ÆÄÀÏÀ» ¿µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â
»ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡Ø Microsoft Project : ÇÁ·ÎÁ§Æ® °èȹÀ» ¼ö¸³ ¹× ÀÛ¾÷, ÀÏÁ¤, À繫¸¦ °ü¸®Çϱ⠽±µµ·Ï °³¹ßµÈ
ÇÁ·ÎÁ§Æ® °ü¸®¿ë ¿ÀÇǽº ¼ÒÇÁÆ®¿þ¾î
o °ü·ÃÃë¾àÁ¡ :
- Project Memory Validation Vulnerability - CVE-2009-0102
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Project 2000 Service Release 1
- Microsoft Project 2002 SP1
- Microsoft Office Project 2003 SP3
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Project Server 2003 SP3
- Microsoft Office Project 2007 SP1, SP2
- Microsoft Project Portfolio Server 2007 SP1, SP2
- Microsoft Project Server 2007 SP1, SP2
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-074.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-074.mspx
|