°øÁö»çÇ×
º¸¾ÈÆÐÄ¡
°áÁ¦¹æ¹ý¾È³»
¼­ºñ½º ÀÌ¿ë¾à°ü
°³ÀÎÁ¤º¸Ãë±Þ¹æÄ§
ÀÚÁÖ¹¯´ÂÁú¹®
±â¼ú°¡À̵å
¹®ÀÇÇϱâ
Á¦ ¸ñ [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 10¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-10-13
ÀÛ¼ºÀÚ Çϳª·ÎÈ£½ºÆÃ ( hosting@hhosting.co.kr ) µî·ÏÁ¤º¸ 2010-10-13 09:11:00 Á¶È¸¼ö 21443
[MS10-071] Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o IEÀÇ ÀÚµ¿¿Ï¼º ±â´É, toStaticHTML APIÀÇ HTML ÇÊÅ͸µ, CSS Ư¼ö ¹®ÀÚ¿Í Anchor ¿ä¼Ò¸¦
ó¸®ÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦·Î ÀÎÇØ Á¤º¸À¯Ãâ Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø toStaticHTML API: IE¿¡¼­ HTMLÀ» ·»´õ¸µÇϱâ Àü¿¡ »ç¿ëÀÚÀÇ ÀÔ·ÂÀ¸·ÎºÎÅÍ À̺¥Æ® ¼Ó¼º
À̳ª ½ºÅ©¸³Æ®¸¦ Á¦°ÅÇÏ´Â ±â´É
o IE°¡ ÃʱâÈ­µÇÁö ¾Ê°Å³ª »èÁ¦µÈ ¿ÀºêÁ§Æ®¿¡ Á¢±ÙÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦·Î ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ø°ÝÀÚ´Â ¾ÇÀÇÀûÀÎ À¥ »çÀÌÆ®¸¦ ±¸¼ºÇÏ¿© »ç¿ëÀÚ°¡ ÇØ´ç »çÀÌÆ®¿¡ ¹æ¹®Çϵµ·Ï À¯µµÇÏ¿© ´ÙÀ½°ú
°°Àº ÇàÀ§¸¦ ÇÒ ¼ö ÀÖÀ½
- ÀÔ·Â ÇÊµå µ¥ÀÌÅÍ Á¤º¸ ¶Ç´Â »èÁ¦ÇÏ·Á°í ÇÑ °³ÀÎÁ¤º¸ÀÇ ÀǵµÇÏÁö ¾ÊÀº À¯Ãâ
- ´Ù¸¥ µµ¸ÞÀÎÀ̳ª ÀÎÅÍ³Ý ¿µ¿ª¿¡ ÀÖ´Â ÄÜÅÙÃ÷¸¦ ¿­¶÷
- XSS¸¦ À¯¹ßÇÏ¿© »ç¿ëÀÚÀÇ º¸¾È ÄÁÅØ½ºÆ®¿¡¼­ ½ºÅ©¸³Æ®¸¦ ½ÇÇà
- ·Î±×¿Â »ç¿ëÀÚÀÇ ±ÇÇÑ È¹µæ °¡´É
o °ü·ÃÃë¾àÁ¡ :
- AutoComplete Information Disclosure Vulnerability - CVE-2010-0808
- HTML Sanitization Vulnerability - CVE-2010-3243
- HTML Sanitization Vulnerability - CVE-2010-3324
- CSS Special Character Information Disclosure Vulnerability - CVE-2010-3325
- Uninitialized Memory Corruption Vulnerability - CVE-2010-3326
- Anchor Element Information Disclosure Vulnerability - CVE-2010-3327
- Uninitialized Memory Corruption Vulnerability - CVE-2010-3328
- Uninitialized Memory Corruption Vulnerability - CVE-2010-3329
- Cross-Domain Information Disclosure Vulnerability - CVE-2010-3330
- Uninitialized Memory Corruption Vulnerability - CVE-2010-3331
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 6 on Windows XP SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for x64-based Systems
- Internet Explorer 8 on Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-071.mspx
o ÇÑ±Û :

[MS10-072] SafeHTML Ãë¾àÁ¡À¸·Î ÀÎÇÑ Á¤º¸À¯Ãâ ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛÀ¸·ÎºÎÅÍ Á¤º¸¸¦ À¯ÃâÇÒ ¼ö ÀÖÀ½

¡à ¼³¸í
o Microsoft SharePoint¿Í Windows SharePoint ServicesÀÇ SafeHTML ±â´É¿¡¼­ HTMLÀ»
ÇÊÅ͸µÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦·Î ÀÎÇØ Á¤º¸À¯Ãâ Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø SharePoint : MS°¡ °³¹ßÇÑ ÄÁÅÙÆ® °ü¸® ½Ã½ºÅÛÀ¸·Î À¥ ±â¹ÝÀÇ Çù¾÷ ȯ°æÀ» Á¦°øÇÔ
¡Ø SafeHTML : HTML·ÎºÎÅÍ ¾ÇÀÇÀûÀÎ ½ºÅ©¸³Æ®¸¦ ÇÊÅ͸µÇϱâ À§ÇÑ ±â´É
o °ø°ÝÀÚ´Â SafeHTML ±â´ÉÀ» »ç¿ëÇÏ´Â ´ë»ó »çÀÌÆ®¿¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ½ºÅ©¸³Æ®¸¦ ¿Ã·Á¼­,
»ç¿ëÀÚÀÇ º¸¾È ÄÁÅØ½ºÆ®¿¡¼­ ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇÏ´Â XSS °ø°ÝÀÌ °¡´ÉÇÔ
o °ü·ÃÃë¾àÁ¡ :
- HTML Sanitization Vulnerability - CVE-2010-3243
- HTML Sanitization Vulnerability - CVE-2010-3324
o ¿µÇâ : Á¤º¸À¯Ãâ
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows SharePoint Services 3.0 SP2 (32-bit versions)
- Microsoft Windows SharePoint Services 3.0 SP2 (64-bit versions)
- Microsoft SharePoint Foundation 2010
- Microsoft Office SharePoint Server 2007 SP2 (32-bit editions)
- Microsoft Office SharePoint Server 2007 SP2 (64-bit editions)
- Microsoft Groove Server 2010
- Microsoft Office Web Apps
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows SharePoint Services 2.0
- Microsoft SharePoint Portal Server 2001 SP3
- Microsoft SharePoint Portal Server 2003 SP3
- Microsoft SharePoint Server 2010
- Microsoft Groove 2007
- Microsoft SharePoint Workspace

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-072.mspx
o ÇÑ±Û :


[MS10-073] Windows Ä¿³Î ¸ðµå µå¶óÀ̹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦

¡à ¿µÇâ
o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o À©µµ¿ì Ä¿³Î ¸ðµå µå¶óÀ̹ö°¡ °´Ã¼¿¡ ´ëÇÑ ÂüÁ¶ Ä«¿îÆ®¸¦ ºÎÀûÀýÇÏ°Ô À¯ÁöÇϰí, Űº¸µå
·¹À̾ƿôÀ» ·ÎµùÇϰí À©µµ¿ì Ŭ·¡½º µ¥ÀÌÅ͸¦ °ËÁõÇÏ´Â °úÁ¤ÀÇ ¿À·ù·Î ±ÇÇÑ»ó½Â Ãë¾àÁ¡ÀÌ ¹ß»ý
o ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ ·Î±×¿ÂÇÑ °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÀÀ¿ëÇÁ·Î±×·¥À» ½ÇÇàÇÏ¿© Ä¿³Î¸ðµå¿¡¼­
ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡Ø °ø°ÝÀÚ´Â À¯È¿ÇÑ ·Î±×¿Â °èÁ¤À» °¡Áö°í ÀÖ´Â »óÅ¿¡¼­ ·ÎÄÿ¡¼­¸¸ °ø°ÝÀÌ °¡´ÉÇÔ. ¿ø°Ý¿¡¼­
¶Ç´Â À͸íÀÇ »ç¿ëÀڷδ °ø°ÝÀÌ ºÒ°¡´ÉÇÔ
o °ü·ÃÃë¾àÁ¡ :
- Win32k Reference Count Vulnerability - CVE-2010-2549
- Win32k Keyboard Layout Vulnerability - CVE-2010-2743
- Win32k Window Class Vulnerability - CVE-2010-2744
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx
o ÇÑ±Û :


[MS10-074] Microsoft Foundation Class Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o MFC°¡ À©µµ¿ì ŸÀÌÆ² ¸íÀ» º¯°æÇÏ´Â ¿äûÀ» ó¸®ÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà
Ãë¾àÁ¡ÀÌ Á¸Àç
¡Ø Microsoft Foundation Class (MFC) : MS À©µµ¿ì ÇÁ·Î±×·¡¹ÖÀ» À§ÇÑ ÀÀ¿ëÇÁ·Î±×·¥ ÇÁ·¹ÀÓ
¿öÅ© ¶óÀ̺귯¸®
o °ø°ÝÀÚ´Â ¿ø°Ý »ç¿ëÀÚÀÇ ÀԷ¿¡ µû¶ó ÇØ´ç ÇÁ·Î±×·¥ÀÇ À©µµ¿ì ŸÀÌÆ²¿¡ ¿µÇâÀ» ÁÙ ¼ö ÀÖ´Â MFC
ÀÀ¿ëÇÁ·Î±×·¥¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÄÀÏÀ» ¿­µµ·Ï À¯µµÇÏ¿©, ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå
½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Windows MFC Document Title Updating Buffer Overflow Vul. - CVE-2010-3227
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : º¸Åë

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-074.mspx
o ÇÑ±Û :


[MS10-075] ¹Ìµð¾î Ç÷¹ÀÌ¾î ³×Æ®¿öÅ© °øÀ¯ ¼­ºñ½º Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o À©µµ¿ì ¹Ìµð¾î Ç÷¹ÀÌ¾î ³×Æ®¿öÅ© °øÀ¯ ¼­ºñ½º°¡ Real Time Streaming Protocol (RTSP) ÆÐŶÀ»
ó¸®ÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
¡Ø Windows Media Player Network Sharing Service : ¹Ìµð¾î ¶óÀ̺귯¸®ÀÇ ÆÄÀÏÀ»
³×Æ®¿öÅ© »óÀÇ ´Ù¸¥ »ç¿ëÀÚ¿Í °øÀ¯ÇÒ ¼ö ÀÖ´Â ±â´ÉÀ» Á¦°øÇÏ´Â ¼­ºñ½º
¡Ø Real Time Streaming Protocol (RTSP) : ½Ç½Ã°£ µ¥ÀÌÅÍÀÇ Àü´ÞÀ» À§ÇÑ ÀÀ¿ëÇÁ·Î±×·¥
¼öÁØÀÇ ÇÁ·ÎÅäÄÝ
o Ư¼öÇÏ°Ô Á¶ÀÛµÈ RTSP ³×Æ®¿öÅ© ÆÐŶÀ» ¿ø°ÝÀÇ ¿µÇâ¹Þ´Â ½Ã½ºÅÛÀ¸·Î Àü¼ÛÇÏ¿© ÀÓÀÇÀÇ ÄÚµå
½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- RTSP Use After Free Vulnerability - CVE-2010-3225
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-075.mspx
o ÇÑ±Û :



[MS10-076] Embedded OpenType ±Û²Ã ¿£ÁøÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o À©µµ¿ì ±¸¼º ¿ä¼ÒÀÎ Embeded OpenType ±Û²Ã ¿£ÁøÀÌ Embedded ±Û²ÃÀ» Æ÷ÇÔÇϴ Ư¼öÇϰÔ
Á¶ÀÛµÈ ÆÄÀϰú ÄÜÅÙÃ÷¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¹ß»ýÇÏ´Â Á¤¼ö ¿À¹öÇ÷οì·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà
Ãë¾àÁ¡ÀÌ Á¸Àç
¡Ø EOT(Embedded OpenType) ±Û²Ã : ¹®¼­³ª À¥ ÆäÀÌÁö¿¡ Æ÷ÇÔÇÏ´Â µ¥ »ç¿ëµÇ´Â ¾ÐÃà ÇüÅÂÀÇ
±Û²Ã (Word .doc ÆÄÀϰú °°Àº ƯÁ¤ ¹®¼­ Çü½ÄÀ¸·Î Æ÷ÇԵǰųª À¥ ¼­¹ö¿¡ ÀÖ´Â .eot ÆÄÀÏ¿¡ ´ëÇÑ
¸µÅ©¸¦ »ç¿ëÇÏ¿© À¥ ÆäÀÌÁö¿¡ Æ÷Ç﵃ ¼ö ÀÖÀ½)
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ EOT ±Û²ÃÀ» Æ÷ÇÔÇÏ´Â ÄÜÅÙÃ÷¸¦ EOT
±Û²ÃÀ» ·»´õ¸µÇÒ ¼ö Àִ Ŭ¶óÀÌ¾ðÆ® ÀÀ¿ëÇÁ·Î±×·¥¿¡¼­ ¿­µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î
ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Embedded OpenType Font Integer Overflow Vulnerability - CVE-2010-1883
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-076.mspx
o ÇÑ±Û :



[MS10-077] .NET Framework Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o .NET Framework JIT ÄÄÆÄÀÏ·¯°¡ Äڵ带 ÃÖÀûÈ­ÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦¿¡ µû¸¥ ¸Þ¸ð¸® ¼Õ»óÀ¸·Î
¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø .NET Framework : ÀÀ¿ë ÇÁ·Î±×·¥°ú À¥ ¼­ºñ½º¸¦ ÀÛ¼ºÇÏ°í ½ÇÇàÇÒ ¼ö ÀÖ´Â Microsoft
Windows ¿î¿µ üÁ¦ÀÇ ±¸¼º ¿ä¼Ò
¡Ø XAML(Extensible Application Markup Language) : .NET Framework ÀÀ¿ëÇÁ·Î±×·¥À»
À§ÇÑ ½Ã°¢ÀûÀÎ »ç¿ëÀÚ ÀÎÅÍÆäÀ̽º »ý¼ºÀ» ´Ü¼øÈ­ÇÒ ¼ö ÀÖ´Â ¼±¾ðÀû ¸¶Å©¾÷ ¾ð¾î
¡Ø XBAP (XAML Browser Application) : À¥ ÀÀ¿ëÇÁ·Î±×·¥°ú ¸®Ä¡ Ŭ¶óÀÌ¾ðÆ® ÀÀ¿ëÇÁ·Î±×·¥À»
°áÇÕÇÑ ±â´ÉÀ» °¡Áø ÀÀ¿ëÇÁ·Î±×·¥
¡Ø JIT ÄÄÆÄÀÏ·¯ : .NET Framework ·±Å¸ÀÓ ±¸¼º¿ä¼Ò·Î, ÇÁ·Î±×·¥À» ½ÇÁ¦ ½ÇÇàÇÏ´Â ½ÃÁ¡¿¡ ½ÇÇà
°¡´ÉÇÑ ³×ÀÌÆ¼ºê ÄÚµå·Î º¯È¯ÇÏ´Â ÄÄÆÄÀÏ·¯
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ XBAPÀÌ Æ÷ÇÔµÈ »çÀÌÆ®¸¦ ¹æ¹®Çϵµ·Ï À¯µµ
Çϰųª ¾ÇÀÇÀûÀÎ ASP.NET ÀÀ¿ëÇÁ·Î±×·¥À» ¾÷·ÎµåÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå
½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- .NET Framework x64 JIT Compiler Vulnerability - CVE-2010-3228
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : ±ä±Þ

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft .NET Framework 4.0 on Windows XP Professional x64 Edition SP2
- Microsoft .NET Framework 4.0 on Windows Server 2003 x64 Edition SP2
- Microsoft .NET Framework 4.0 on Windows Server 2003 with SP2 for
Itanium-based Systems
- Microsoft .NET Framework 4.0 on Windows Vista x64 Edition SP1, SP2
- Microsoft .NET Framework 4.0 on Windows Server 2008 for x64-based Systems, SP2
- Microsoft .NET Framework 4.0 on Windows Server 2008 for
Itanium-based Systems, SP2
- Microsoft .NET Framework 4.0 on Windows 7 for x64-based Systems
- Microsoft .NET Framework 4.0 on Windows Server 2008 R2 for x64-based Systems
- Microsoft .NET Framework 4.0 on Windows Server 2008 R2 for Itanium-based
Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft .NET Framework 1.0 SP3
- Microsoft .NET Framework 1.1 SP1
- Microsoft .NET Framework 2.0 SP1
- Microsoft .NET Framework 2.0 SP2
- Microsoft .NET Framework 3.0
- Microsoft .NET Framework 3.0 SP1
- Microsoft .NET Framework 3.0 SP2
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 3.5 SP1
- Microsoft .NET Framework 3.5.1
- Microsoft .NET Framework 4.0 on Windows XP SP3
- Microsoft .NET Framework 4.0 on Windows Server 2003 SP2
- Microsoft .NET Framework 4.0 on Windows Vista SP1,SP2
- Microsoft .NET Framework 4.0 on Windows Server 2008 for 32-bit Systems, SP2
- Microsoft .NET Framework 4.0 on Windows 7 for 32-bit Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-077.mspx
o ÇÑ±Û :



[MS10-078] OpenType Font(OTF) Æ÷¸Ë µå¶óÀ̹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦Á¡

¡à ¿µÇâ
o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o À©µµ¿ì OpenType Font (OTF) Æ÷¸Ë µå¶óÀ̹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ OpenType ÆùÆ®¸¦ ó¸®ÇÒ ¶§
¸Þ¸ð¸® ÇÒ´ç°ú Á¤¼ö °è»êÀ» ÀûÀýÇÏ°Ô ÀÌ·ç¾îÁöÁö ¾Ê¾Æ¼­ ±ÇÇÑ»ó½Â Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø OpenType Font (OTF) : Microsoft¿Í Adobe°¡ °øµ¿À¸·Î °³¹ßÇÑ TrueType ±Û²Ã Çü½ÄÀÇ
È®Àå
o ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ ·Î±×¿ÂÇÑ °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ OpenType ÆùÆ®°¡ Æ÷ÇÔµÈ ÄÜÅÙÃ÷¸¦ ÅëÇØ
Ä¿³Î¸ðµå¿¡¼­ ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡Ø °ø°ÝÀÚ´Â À¯È¿ÇÑ ·Î±×¿Â °èÁ¤À» °¡Áö°í ÀÖ´Â »óÅ¿¡¼­ ·ÎÄÿ¡¼­¸¸ °ø°ÝÀÌ °¡´ÉÇÔ. ¿ø°Ý¿¡¼­
¶Ç´Â À͸íÀÇ »ç¿ëÀڷδ °ø°ÝÀÌ ºÒ°¡´ÉÇÔ
o °ü·ÃÃë¾àÁ¡ :
- OpenType Font Parsing Vulnerability - CVE-2010-2740
- OpenType Font Validation Vulnerability - CVE-2010-2741
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx
o ÇÑ±Û :



[MS10-079] Microsoft Word Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Microsoft Office Word°¡ Æ÷ÀÎÅÍ, À妽º °ª, ¸®ÅÏ °ª, ºÏ¸¶Å©¸¦ ó¸®ÇÏ´Â ¹æ½ÄÀÇ ¹®Á¦ ¹× ÀûÀý
ÇÏÁö ¾ÊÀº °æ°è °Ë»ç, ½ºÅà °ËÁõÀÇ ¿À·ù·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¿öµå ÆÄÀÏÀ» ¿­¶÷Çϵµ·Ï À¯µµÇÏ¿© ·Î±×¿Â
»ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Word Uninitialized Pointer Vulnerability - CVE-2010-2747
- Word Boundary Check Vulnerability - CVE-2010-2748
- Word Index Vulnerability - CVE-2010-2750
- Word Stack Overflow Vulnerability CVE-2010-3214
- Word Return Value Vulnerability CVE-2010-3215
- Word Bookmarks Vulnerability - CVE-2010-3216
- Word Pointer Vulnerability - CVE-2010-3217
- Word Heap Overflow Vulnerability - CVE-2010-3218
- Word Index Parsing Vulnerability - CVE-2010-3219
- Word Parsing Vulnerability - CVE-2010-3220
- Word Parsing Vulnerability - CVE-2010-3221
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Word 2002 SP3
- Microsoft Word 2003 SP3
- Microsoft Word 2007 SP2
- Microsoft Word 2010 (32-bit editions)
- Microsoft Word 2010 (64-bit editions)
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Compatibility Pack for Office 2007 File Formats SP2
- Microsoft Word Viewer
- Microsoft Office Web Apps
- Microsoft Word Web App
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Works 9


¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-079.mspx
o ÇÑ±Û :



[MS10-080] Microsoft Excel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o Microsoft Office ExcelÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ ¿¢¼¿ ÆÄÀÏ ¶Ç´Â Lotus 1-2-3 ÆÄÀÏÀ» ó¸®ÇÏ´Â ¹æ½ÄÀÇ
¸Þ¸ð¸® Çڵ鸵 ¿À·ù·Î ÀÎÇØ ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ Á¸Àç
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¿¢¼¿ ÆÄÀÏÀ» ¿­¶÷Çϵµ·Ï À¯µµÇÏ¿© ·Î±×¿Â
»ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Excel Record Parsing Integer Overflow Vulnerability - CVE-2010-3230
- Excel Record Parsing Memory Corruption Vulnerability - CVE-2010-3231
- Excel File Format Parsing Vulnerability - CVE-2010-3232
- Lotus 1-2-3 Workbook Parsing Vulnerability - CVE-2010-3233
- Formula Substream Memory Corruption Vulnerability - CVE-2010-3234
- Formula Biff Record Vulnerability - CVE-2010-3235
- Out Of Bounds Array Vulnerability - CVE-2010-3236
- Merge Cell Record Pointer Vulnerability - CVE-2010-3237
- Negative Future Function Vulnerability - CVE-2010-3238
- Extra Out of Boundary Record Parsing Vulnerability - CVE-2010-3239
- Real Time Data Array Record Vulnerability - CVE-2010-3240
- Out-of-Bounds Memory Write in Parsing Vulnerability - CVE-2010-3241
- Ghost Record Type Parsing Vulnerability - CVE-2010-3242
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Excel 2002 SP3
- Microsoft Excel 2003 SP3
- Microsoft Excel 2007 SP2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Excel Viewer SP2
- Microsoft Office Compatibility Pack for Office 2007 File Formats SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Excel 2010 (32-bit editions)
- Microsoft Excel 2010 (64-bit editions)
- Microsoft Works 9


¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-080.mspx
o ÇÑ±Û :



[MS10-081] Windows Common Control Library Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o À©µµ¿ìÀÇ °ø¿ë ÄÁÆ®·Ñ ¶óÀ̺귯¸®°¡ Ÿ»ç SVG ºä¾î·ÎºÎÅÍ Àü´ÞµÈ ¸Þ½ÃÁö¸¦ ÀûÀýÇÏ°Ô Ã³¸®ÇÏÁö
¸øÇÏ¿© ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ¹ß»ý
¡Ø SVG(Scalable Vector Graphics) : 2Â÷¿ø º¤ÅÍ ±×·¡ÇÈÀ» Ç¥ÇöÇϱâ À§ÇÑ XML±â¹ÝÀÇ ÆÄÀÏ
Çü½Ä Ç¥ÁØ
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ ÆäÀÌÁö¸¦ ¹æ¹®Çϵµ·Ï À¯µµÇÏ¿© ·Î±×¿Â
»ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Comctl32 Heap Overflow Vulnerability - CVE-2010-2746
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-081.mspx
o ÇÑ±Û :



[MS10-082] Windows Media Player Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o À¥ ºê¶ó¿ìÀú¸¦ ÅëÇØ À©µµ¿ì ¹Ìµð¾î Ç÷¹À̾ ´Ù½Ã ·ÎµåµÇ´Â µ¿ÀÛÇÏ´Â °úÁ¤¿¡¼­ °´Ã¼ ÇÒ´çÀ»
ÇØÁ¦ÇÏ´Â ¹æ½ÄÀÇ ¿À·ù·Î ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¹Ìµð¾î ÄÜÅÙÃ÷¸¦ È£½ºÆÃÇÏ´Â ¾ÇÀÇÀûÀÎ À¥ »çÀÌÆ®¸¦ ¹æ¹®Çϵµ·Ï
À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
o °ü·ÃÃë¾àÁ¡ :
- Windows Media Player Memory Corruption Vulnerability - CVE-2010-2745
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Media Player 9 Series on Windows XP SP3
- Windows Media Player 10 on Windows XP SP3
- Windows Media Player 11 on Windows XP SP3
- Windows Media Player 10 on Windows XP Professional x64 Edition SP2
- Windows Media Player 11 on Windows XP Professional x64 Edition SP2
- Windows Media Player 10 on Windows Server 2003 SP2
- Windows Media Player 10 on Windows Server 2003 x64 Edition SP2
- Windows Media Player 11 on Windows Vista SP1, SP2
- Windows Media Player 11 on Windows Vista x64 Edition SP1, SP2
- Windows Media Player 11 on Windows Server 2008 for 32-bit Systems, SP2
- Windows Media Player 11 on Windows Server 2008 for x64-based Systems, SP2
- Windows Media Player 12 on Windows 7 for 32-bit Systems
- Windows Media Player 12 on Windows 7 for x64-based Systems
- Windows Media Player 12 on Windows Server 2008 R2 for x64-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Media Player 6.4 on Windows XP SP3
- Windows Media Player 6.4 on Windows XP Professional x64 Edition SP2
- Windows Media Player 6.4 on Windows Server 2003 SP2
- Windows Media Player 6.4 on Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-082.mspx
o ÇÑ±Û :


[MS10-083] Windows Shell ¹× WordPad¿¡¼­ COM °ËÁõ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ

¡à ¼³¸í
o À©µµ¿ì ½©°ú ¿öµåÆÐµå¿¡¼­ COM °´Ã¼¸¦ ÃʱâÈ­ÇÏ´Â °úÁ¤¿¡¼­ ºÎÀûÀýÇÑ °ËÁõ ¹æ½ÄÀ¸·Î ÀÎÇØ
¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø Microsoft COM(Component Object Model) : À©µµ¿ì °è¿­ ¿î¿µÃ¼Á¦¿¡¼­ SW ±¸¼º¿ä¼Ò °£
Åë½ÅÀ» °¡´ÉÇÏ°Ô ÇØÁÖ´Â ±â¼ú·Î¼­, Àç»ç¿ë °¡´ÉÇÑ ÄÄÆ÷³ÍÆ® ¹× À̵éÀ» ¿¬°áÇÑ ÀÀ¿ëÇÁ·Î±×·¥ÀÇ
°³¹ß µîÀÇ ÀåÁ¡ÀÌ ÀÖÀ½.
o °ø°ÝÀÚ´Â À¥ »çÀÌÆ®³ª À̸ÞÀÏÀ» ÅëÇØ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¿öµåÆÐµå ÆÄÀÏÀ» ¿­µµ·Ï À¯µµÇϰųª,
³×Æ®¿öÅ© ¶Ç´Â WebDAV °øÀ¯ ÆÄÀÏ·Î ¹Ù·Î°¡±â(.lnk) ÆÄÀÏ ¼±ÅÃÇϰųª ¿­µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â
»ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡Ø WebDAV(Web Distributed Authoring and Versioning) : º¹»ç, À̵¿, »èÁ¦ ¹× ¸¸µé±â¿Í
°°Àº ±âº»ÀûÀÎ ÆÄÀÏ ±â´ÉÀÌ HTTP(Hypertext Transfer Protocol)¸¦ »ç¿ëÇÏ¿© ÄÄÇ»ÅÍ¿¡¼­
¼öÇàµÇ´Â ¹æ½ÄÀ» Á¤ÀÇÇÏ´Â HTTP È®Àå
o °ü·ÃÃë¾àÁ¡ :
- COM Validation Vulnerability - CVE-2010-1263
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Wordpad on Windows XP SP3
- Wordpad on Windows XP Professional x64 Edition SP2
- Wordpad on Windows Server 2003 SP2
- Wordpad on Windows Server 2003 x64 Edition SP2
- Wordpad on Windows Server 2003 with SP2 for Itanium-based Systems
- Wordpad on Windows Vista SP1, SP2
- Wordpad on Windows Vista x64 Edition SP1, SP2
- Wordpad on Windows Server 2008 for 32-bit Systems, SP2
- Wordpad on Windows Server 2008 for x64-based Systems, SP2
- Wordpad on Windows Server 2008 for Itanium-based Systems, SP2
- Wordpad on Windows 7 for 32-bit Systems
- Wordpad on Windows 7 for x64-based Systems
- Wordpad on Windows Server 2008 R2 for x64-based Systems
- Wordpad on Windows Server 2008 R2 for Itanium-based Systems
- Windows Shell on Windows Vista SP1, SP2
- Windows Shell on Windows Vista x64 Edition SP1, SP2
- Windows Shell on Windows Server 2008 for 32-bit Systems, SP2
- Windows Shell on Windows Server 2008 for x64-based Systems, SP2
- Windows Shell on Windows Server 2008 for Itanium-based Systems, SP2
- Windows Shell on Windows 7 for 32-bit Systems
- Windows Shell on Windows 7 for x64-based Systems
- Windows Shell on Windows Server 2008 R2 for x64-based Systems
- Windows Shell on Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-083.mspx
o ÇÑ±Û :



[MS10-084] Windows Local Procedure Call Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦Á¡

¡à ¿µÇâ
o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛÀÇ ÀÚ¿ø¿¡ ºñÀΰ¡ ±ÇÇÑ Á¢±ÙÀÌ °¡´ÉÇÔ

¡à ¼³¸í
o RPC ¼­ºê½Ã½ºÅÛ ³»¿¡¼­ 󸮵Ǵ LPC¿Í LRPC ¼­¹ö »çÀÌ¿¡ Æ÷Æ® ¸Þ½ÃÁö ±³È¯ °úÁ¤¿¡¼­
¹ß»ýÇÏ´Â ½ºÅà ±â¹Ý ¹öÆÛ ¿À¹öÇ÷Π¹®Á¦·Î ÀÎÇØ ±ÇÇÑ»ó½Â Ãë¾àÁ¡ÀÌ Á¸Àç
¡Ø LPC (Local Procedure Call) : µ¿ÀÏÇÑ À©µµ¿ì ½Ã½ºÅÛ¿¡¼­ ½º·¹µå°£ ¶Ç´Â ÇÁ·Î¼¼½º°£ Åë½ÅÇϱâ
À§ÇÑ ¸Þ½ÃÁö Àü´Þ ¼­ºñ½º
¡Ø LRPC (Local RPC) : ·ÎÄà ½Ã½ºÅÛ¿¡¼­ ÀÌ·ç¾îÁö´Â RPC Åë½Å
¡Ø RPC (Remote Procedure Call) : ÇÁ·Î¼¼½º °£ µ¥ÀÌÅÍ ±³È¯ ¹× ±â´É È£ÃâÀ» À§ÇÑ Åë½Å ¸ÞÄ¿´ÏÁò
o ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ ·Î±×¿ÂÇÑ °ø°ÝÀÚ´Â ·ÎÄÃÀÇ LRPC ¼­¹ö·Î LPC ¸Þ½ÃÁö¸¦ Àü¼ÛÇϴ Ư¼öÇϰÔ
Á¶ÀÛµÈ Äڵ带 ½ÇÇàÇÏ¿©, NetworkService °èÁ¤ ±ÇÇÑÀ¸·Î ÀÚ¿øÀ» Á¢±ÙÇÒ ¼ö ÀÖÀ½
¡Ø °ø°ÝÀÚ´Â À¯È¿ÇÑ ·Î±×¿Â °èÁ¤À» °¡Áö°í ÀÖ´Â »óÅ¿¡¼­ ·ÎÄÿ¡¼­¸¸ °ø°ÝÀÌ °¡´ÉÇÔ. ¿ø°Ý¿¡¼­
¶Ç´Â À͸íÀÇ »ç¿ëÀڷδ °ø°ÝÀÌ ºÒ°¡´ÉÇÔ
o °ü·ÃÃë¾àÁ¡ :
- LPC Message Buffer Overrun Vulnerability - CVE-2010-3222
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-084.mspx
o ÇÑ±Û :



[MS10-085] SChannel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º°ÅºÎ ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛÀ» ¼­ºñ½º°ÅºÎ »óÅ·Π¸¸µé ¼ö ÀÖÀ½

¡à ¼³¸í
o SChannelÀÌ Å¬¶óÀÌ¾ðÆ® ÀÎÁõ¼­ ¿äûÀ» ó¸®ÇÏ´Â ¹æ½ÄÀÇ ¿À·ù·Î ÀÎÇØ ¼­ºñ½º°ÅºÎ Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø SChannel (Secure Channel) : Ŭ¶óÀÌ¾ðÆ®¿Í ¼­¹ö °£¿¡ º¸¾È Åë½ÅÀ» Áö¿øÇϱâ À§ÇÑ ÀÎÁõ
¼­ºñ½º¸¦ Á¦°øÇÏ´Â º¸¾È ÆÐŰÁöÀÇ ÀϺÎ
o ¿ø°ÝÀÇ À͸íÀÇ °ø°ÝÀÚ´Â SSLÀÌ ¼³Á¤µÈ À¥ »çÀÌÆ®¸¦ È£½ºÆÃÇÏ´Â IIS ¼­¹ö·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ
ÆÐŶ ¸Þ½ÃÁö¸¦ Àü¼ÛÇÏ¿©, LSASS ¼­ºñ½º¸¦ µ¿ÀÛÀ» ¸ØÃ߰ųª ½Ã½ºÅÛÀ» Àç½ÃÀÛÇϰÔ
¡Ø ½Ã½ºÅÛÀº SSLÀÌ ¼³Á¤ÀÌ È°¼ºÈ­µÈ °æ¿ì¿¡¸¸ ¿µÇâÀ» ¹ÞÀ½ (µðÆúÆ® ¼³Á¤Àº ºñȰ¼ºÈ­)
¡Ø SSL (Secure Sockets Layer) : °ø°³ ¹× ºñ¹Ð Ű ±â¼úÀÇ Á¶ÇÕÀ» »ç¿ëÇÏ´Â º¸¾È ³×Æ®¿öÅ©
Åë½ÅÀ» Áö¿øÇÏ´Â ÇÁ·ÎÅäÄÝ
¡Ø IIS (Internet Information Services) : FTP, SMTP, NNTP, HTTP/HTTPS µîÀÇ ÇÁ·ÎÅäÄÝÀ»
Áö¿øÇÏ´Â MSÀÇ ÀÎÅÍ³Ý Á¤º¸ ¼­ºñ½º
o °ü·ÃÃë¾àÁ¡ :
- TLSv1 Denial of Service Vulnerability - CVE-2010-3229
o ¿µÇâ : ¼­ºñ½º°ÅºÎ
o Á߿䵵 : Áß¿ä

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-085.mspx
o ÇÑ±Û :



[MS10-086] Windows Shared Cluster Disks Ãë¾àÁ¡À¸·Î ÀÎÇÑ µ¥ÀÌÅͺ¯Á¶ ¹®Á¦Á¡

¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇÑ µ¥ÀÌÅÍ º¯Á¶

¡à ¼³¸í
o MSCS »ç¿ëÀÚ ÀÎÅÍÆäÀ̽º°¡ Ŭ·¯½ºÅÍ¿¡ µð½ºÅ©¸¦ Ãß°¡ÇÒ ¶§ ¾ÈÀüÇÏÁö ¾ÊÀº µðÆúÆ® ÆÛ¹Ì¼ÇÀ» ¼³Á¤
(ºñÀΰ¡ »ç¿ëÀÚ¿¡°Ô °ü¸®ÀÚ °øÀ¯¿¡ ´ëÇÑ Àбâ/¾²±â/»èÁ¦ Á¢±Ù ±ÇÇÑ ºÎ¿©)ÇÏ¿© µ¥ÀÌÅͺ¯Á¶
Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø MSCS (Microsoft Cluster Service) : ÄÄÇ»ÆÃ ¸®¼Ò½º¸¦ ÃÖ¼ÒÈ­ÇÏ´Â µ¿½Ã¿¡ °í°¡¿ë¼ºÀ»
Á¦°øÇϴ Ŭ·¯½ºÅÍ ¼­ºñ½º
o ¿ø°ÝÀÇ °ø°ÝÀÚ´Â ¿µÇâ¹Þ´Â Ŭ·¯½ºÅÍ µð½ºÅ© ¼³Á¤ÀÇ °ü¸®ÀÚ °øÀ¯¿¡ ´ëÇÑ µ¥ÀÌÅÍ ¿­¶÷, Ãß°¡, º¯Á¶,
»èÁ¦°¡ °¡´ÉÇÔ
o °ü·ÃÃë¾àÁ¡ :
- Permissions on New Cluster Disks Vulnerability - CVE-2010-3223
o ¿µÇâ : µ¥ÀÌÅͺ¯Á¶
o Á߿䵵 : º¸Åë

¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems

¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS10-086.mspx
o ÇÑ±Û :
ÃÑ 173 °Ç
¹øÈ£ Á¦¸ñ µî·ÏÀÏ Á¶È¸¼ö
173 À©µµ¿ì RDP ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2019-05-16 2599
172 WannaCry(¿ö³ÊÅ©¶óÀÌ) ·£¼¶¿þ¾î ´ëÀÀ ¹æ¹ý ¾È³» 2017-05-15 11616
171 OpenSSL ±ä±Þ º¸¾È ¾÷µ¥ÀÌÆ® 2016-03-03 14952
170 À±ÃÊ(Leap Second) °ü·Ã ¹ö±× ³»¿ë ¹× ´ëÀÀ ¹æ¾È ¾È³» 2015-06-26 17507
169 HTTP.sys ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ 2015-04-17 17035
168 ¸®´ª½º Ghost Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2015-01-29 16209
167 Apache Struts 2 ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í 2013-07-22 24669
166 ±¹³» °ø°³ À¥ °Ô½ÃÆÇ(±×´©º¸µå) º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2011-04-28 29721
165 MS Internet Explorer ½Å±Ô ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ÁÖÀÇ - 2010-12-22 2010-12-22 30695
164 ±¹³» °ø°³ À¥ °Ô½ÃÆÇ(Á¦·Îº¸µå) Ãë¾àÁ¡ ÁÖÀÇ - 2010-12-22 2010-12-22 29428
163 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 12¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-12-15 2010-12-15 26356
162 ¾ÖÇà ÄüŸÀÓ Ç÷¹ÀÌ¾î º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-12-09 2010-12-09 22126
161 Adobe Reader/Acrobat Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-17 2010-11-17 22269
160 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 11¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-10 2010-11-10 21342
159 Adobe Flash Player ´ÙÁß Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-05 2010-11-05 21737
158 Mozilla Firefox ¹× Thunderbird º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-10-28 2010-10-28 21535
157 Adobe Shockwave Player ½Å±Ô Ãë¾àÁ¡ ÁÖÀÇ - 2010-10-22 2010-10-22 21504
=> [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 10¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-10-13 2010-10-13 21443
  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]  
1