1. À©µµ¿ì Ä¿³Î Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦Á¡(±ä±Þ, 958690)
o ¼³ ¸í
GDI Ä¿³Î ÄÄÆ÷³ÍÆ®¿¡ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Á¶ÀÛµÈ EMF, WMF À̹ÌÁö ÆÄÀÏÀÌ Æ÷ÇÔµÈ ¾ÇÀÇÀûÀÎ À¥ÆäÀÌÁö¸¦ ±¸ÃàÇÑ ÈÄ »ç¿ëÀÚÀÇ ¹æ¹®À» À¯µµÇϰųª À̸ÞÀÏ Ã·ºÎÆÄÀÏÀ» ¿¾îº¸µµ·Ï À¯µµÇÏ¿© Ãë¾à½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæÀÌ °¡´ÉÇÏ´Ù.
* GDI(Graphics Device Interface) : MS À©µµ¿ì¿¡¼ ȸ鿡 ½ºÅ©·Ñ¹Ù, ¼± µî ¸ðµç ±×·¡ÇÈ °´Ã¼µéÀ» ±×¸®´Â ÀÎÅÍÆäÀ̽º
* WMF(Windows Meta File) : º¤Å͹æ½ÄÀÇ À̹ÌÁö ÆÄÀÏÀ» Áö¿øÇϱâ À§ÇÑ wmf È®ÀåÀÚ¸¦ °¡Áø ÆÄÀÏ·Î MS Office µîÀÇ Å¬¸³¾ÆÆ®¿¡ ÁÖ·Î ÀÌ¿ë
* EMF(Enhanced Metafile) : WMFÀÇ 32ºñÆ® È®ÀåÇü ÆÄÀÏ Æ÷¸Ë
o °ü·Ã Ãë¾àÁ¡
- Windows Kernel Input Validation Vulnerability(CVE-2009-0081)
- Windows Kernel Handle Validation Vulnerability(CVE-2009-0082)
- Windows Kernel Invalid Pointer Vulnerability(CVE-2009-0083)
o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition, SP2
- Windows Server 2003 SP1, SP2
- Windows Server 2003 x64 Edition, SP2
- Windows Server 2003 with SP1, SP2 for Itanium-based Systems
- Windows Vista, SP1
- Windows Vista x64 Edition, SP1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS09-006.mspx 2. SChannel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 960225)
o ¼³ ¸í
SChannel ÀÎÁõ ÄÄÆ÷³ÍÆ®°¡ °øÀÎÀÎÁõ¼ ±â¹ÝÀÇ ÀÎÁõÀ» ¼öÇàÇÏ´Â °úÁ¤¿¡ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Àΰ¡µÈ »ç¿ëÀÚÀÇ °øÀÎÀÎÁõ¼¸¦ ÀÌ¿ë, ºñ¹ÐÅ° ¾øÀÌ ÀÎÁõÀ» ¿ìȸÇÒ ¼ö ÀÖ´Ù.
* SChannel(Secure Channel) : MS À©µµ¿ì¿¡¼ ¸Þ½ÃÁö ¹«°á¼º ¹× ±â¹Ð¼ºÀ» À§ÇØ »ç¿ëµÇ´Â º¸¾ÈÇÁ·ÎÅäÄݷμ ÀÎÅÍ³Ý ºê¶ó¿ìÀú¿Í ¼¹ö¿¡¼ »ç¿ë
* ½ºÇªÇÎ(Spoofing) : ÀÚ±â ÀÚ½ÅÀÇ ½Äº° Á¤º¸¸¦ ¼Ó¿© ´ë»ó ½Ã½ºÅÛÀ» °ø°ÝÇÏ´Â ¼ö¹ý
o °ü·Ã Ãë¾àÁ¡
- SChannel Spoofing Vulnerability(CVE-2009-0085)
o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition, SP2
- Windows Server 2003 SP1, SP2
- Windows Server 2003 x64 Edition, SP2
- Windows Server 2003 with SP1, SP2 for Itanium-based Systems
- Windows Vista, SP1
- Windows Vista x64 Edition, SP1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-007.mspx 3. DNS¿Í WINS ¼¹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 962238)
o ¼³ ¸í
MS À©µµ¿ì DNS¿Í WINS ¼¹ö¿¡¼ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â DNS ¼¹ö¿¡ Á¶ÀÛµÈ Äõ¸®¸¦ º¸³»°Å³ª WINS ¼¹ö¿¡ man-in-the-middle-attackÀ» ÇÏ¿© ÀÎÅÍ³Ý Æ®·¡ÇÈÀÇ °æ·Î¸¦ ¿øÇÏ´Â °÷À¸·Î º¯°æÇÒ ¼ö ÀÖ´Ù.
* WINS(Windows Internet Name Service) ¼¹ö : TCP/IPȯ°æ¿¡¼ NetBIOS À̸§(ÄÄÇ»ÅÍ À̸§)À» IP ÁÖ¼Ò¿Í ¼·Î ¿¬°á½ÃÄÑÁÖ´Â ¿ªÇÒÀ» ÇÏ´Â ¼¹ö
* man-in-the-middle-attack(Áß°£ÀÚ °ø°Ý) : µÎ ´ç»çÀÚ°£ÀÇ Åë½Å ¸Þ¼¼Áö¸¦ °ø°ÝÀÚ°¡ Áß°£¿¡¼ ¸¶À½´ë·Î °¡·Îç ¼ö ÀÖ´Â °ø°Ý
o °ü·Ã Ãë¾àÁ¡
- DNS Server Query Validation Vulnerability(CVE-2009-0233)
- DNS Server Response Validation Vulnerability(CVE-2009-0234)
- DNS Server Vulnerability in WPAD Registration Vulnerability(CVE-2009-0093)
- WPAD WINS Server Registration Vulnerability(CVE-2009-0094)
o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- DNS/WINS Server on Microsoft Windows 2000 SP4
- DNS/WINS Server on Microsoft Windows Server 2003 SP1, SP2
- DNS/WINS Server on Microsoft Windows Server 2003 x64 Edition, SP2
- DNS/WINS Server on Microsoft Windows Server 2003 for Itanium-based Systems SP1, SP2
- DNS Server on Windows Server 2008 for 32-bit Systems
- DNS Server on Windows Server 2008 for x64-based Systems o ¿µÇâ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 Professional SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition, SP2
- Microsoft Windows Vista, SP1
- Microsoft Windows Vista x64 Edition, SP1
- Microsoft Windows Server 2008 for Itanium-based Systems o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-008.mspx |