³ë¹«Çö ´ëÅë·É ¹è³Ê
  ±è¼ºÅÂÀÇ Tech Tips(Linux, PHP, Apache, DBMS, Mobile)
  http://www.supersky.pe.kr  
¾È³çÇϽʴϱî? ±è¼ºÅÂÀÔ´Ï´Ù.
Linux, Apache, PHP, Mysql, Mobile °ü·Ã Tech Tips Á¤º¸¸¦ Á¦°øÇÕ´Ï´Ù.
 
<<   2009 Mar   >>
S M T W T F S
1234567
891011121314
15161718192021
22232425262728
2930311234
1750106 286
  
  + Article List  :  2009³â 3¿ù (8)
2009/03/11     Microsoft º¸¾È¾÷µ¥ÀÌÆ®(MS09-006 ~ MS09-008)  (4)
2009/03/09     [ÆÇÃ˹°,±â³äÇ°,´ä·ÊÇ°] °ñÇÁ¼±¹°¼¼Æ® - ¿ÍÀÌÁî±âÇÁÆ®  (1)
2009/03/05     MS Windows XP ÀÚµ¿ ·Î±×ÀΠ (1)
2009/03/05     [ÆÇÃ˹°,±â³äÇ°,´ä·ÊÇ°] Áֹ柿à - ¿ÍÀÌÁî±âÇÁÆ® 
2009/03/04     [ÆÇÃ˹°,±â³äÇ°,´ä·ÊÇ°] °í±ÞÇü ·¹ÀÌÀúÆ÷ÀÎÅÍ, ¿­¼è°í¸® - ¿ÍÀÌÁî±âÇÁÆ® 
2009/03/03     [ÆÇÃ˹°,±â³äÇ°,´ä·ÊÇ°] ¸¶¿ì½ºÆеå - ¿ÍÀÌÁî±âÇÁÆ® 
2009/03/02     [ÆÇÃ˹°,±â³äÇ°,´ä·ÊÇ°] ÀÚ¼®¿ÀÇÁ³Ê, º´µû°³ - ¿ÍÀÌÁî±âÇÁÆ® 
2009/03/02     [ÆÇÃ˹°,±â³äÇ°,´ä·ÊÇ°] ºÏ¸¶Å©, Ã¥°¥ÇÇ, ºÀÅõÄ® - ¿ÍÀÌÁî±âÇÁÆ® 

DNS Powered by DNSEver.com
  ++ Microsoft º¸¾È¾÷µ¥ÀÌÆ®(MS09-006 ~ MS09-008)  -  2009/03/11 09:06
Á¦¸ñ ¾øÀ½
¡á °³ ¿ä

MSÞä´Â 3¿ù 11ÀÏ MS À©µµ¿ì ¹× DNS/Wins ¼­¹ö¿¡¼­ ½Ã½ºÅÛ Àå¾Ç µî ÇØÅ·¿¡ ¾Ç¿ë °¡´ÉÇÑ º¸¾ÈÃë¾àÁ¡ 3°Ç(±ä±Þ 1, Áß¿ä 2)À» ¹ßÇ¥ÇÏ¿´´Â ¹Ù, °¢±Þ±â°üÀº ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ MSÞäÀÇ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ Á¶¼ÓÈ÷ ¼³Ä¡ÇϽñ⠹ٶø´Ï´Ù.



¡á º¸¾È ¾÷µ¥ÀÌÆ®¿¡ Æ÷ÇÔµÈ Ãë¾àÁ¡ ¹× °ü·Ã »çÀÌÆ®

1
. À©µµ¿ì Ä¿³Î Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦Á¡(±ä±Þ, 958690)

o ¼³ ¸í
GDI Ä¿³Î ÄÄÆ÷³ÍÆ®¿¡ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Á¶ÀÛµÈ EMF, WMF À̹ÌÁö ÆÄÀÏÀÌ Æ÷ÇÔµÈ ¾ÇÀÇÀûÀÎ À¥ÆäÀÌÁö¸¦ ±¸ÃàÇÑ ÈÄ »ç¿ëÀÚÀÇ ¹æ¹®À» À¯µµÇϰųª À̸ÞÀÏ Ã·ºÎÆÄÀÏÀ» ¿­¾îº¸µµ·Ï À¯µµÇÏ¿© Ãë¾à½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæÀÌ °¡´ÉÇÏ´Ù.

* GDI(Graphics Device Interface) : MS À©µµ¿ì¿¡¼­ È­¸é¿¡ ½ºÅ©·Ñ¹Ù, ¼± µî ¸ðµç ±×·¡ÇÈ °´Ã¼µéÀ» ±×¸®´Â ÀÎÅÍÆäÀ̽º
* WMF(Windows Meta File) : º¤Å͹æ½ÄÀÇ À̹ÌÁö ÆÄÀÏÀ» Áö¿øÇϱâ À§ÇÑ wmf È®ÀåÀÚ¸¦ °¡Áø ÆÄÀÏ·Î MS Office µîÀÇ Å¬¸³¾ÆÆ®¿¡ ÁÖ·Î ÀÌ¿ë
* EMF(Enhanced Metafile) : WMFÀÇ 32ºñÆ® È®ÀåÇü ÆÄÀÏ Æ÷¸Ë


o °ü·Ã Ãë¾àÁ¡
    - Windows Kernel Input Validation Vulnerability(CVE-2009-0081)
    - Windows Kernel Handle Validation Vulnerability(CVE-2009-0082)
    - Windows Kernel Invalid Pointer Vulnerability(CVE-2009-0083)

o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Microsoft Windows 2000 SP4
    - Windows XP SP2, SP3
    - Windows XP Professional x64 Edition, SP2
    - Windows Server 2003 SP1, SP2
    - Windows Server 2003 x64 Edition, SP2
    - Windows Server 2003 with SP1, SP2 for Itanium-based Systems
    - Windows Vista, SP1
    - Windows Vista x64 Edition, SP1
    - Windows Server 2008 for 32-bit Systems
    - Windows Server 2008 for x64-based Systems
    - Windows Server 2008 for Itanium-based Systems

o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS09-006.mspx

2. SChannel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 960225)

o ¼³ ¸í
SChannel ÀÎÁõ ÄÄÆ÷³ÍÆ®°¡ °øÀÎÀÎÁõ¼­ ±â¹ÝÀÇ ÀÎÁõÀ» ¼öÇàÇÏ´Â °úÁ¤¿¡ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Àΰ¡µÈ »ç¿ëÀÚÀÇ °øÀÎÀÎÁõ¼­¸¦ ÀÌ¿ë, ºñ¹ÐÅ° ¾øÀÌ ÀÎÁõÀ» ¿ìȸÇÒ ¼ö ÀÖ´Ù.

* SChannel(Secure Channel) : MS À©µµ¿ì¿¡¼­ ¸Þ½ÃÁö ¹«°á¼º ¹× ±â¹Ð¼ºÀ» À§ÇØ »ç¿ëµÇ´Â º¸¾ÈÇÁ·ÎÅäÄݷμ­ ÀÎÅÍ³Ý ºê¶ó¿ìÀú¿Í ¼­¹ö¿¡¼­ »ç¿ë
* ½ºÇªÇÎ(Spoofing) : ÀÚ±â ÀÚ½ÅÀÇ ½Äº° Á¤º¸¸¦ ¼Ó¿© ´ë»ó ½Ã½ºÅÛÀ» °ø°ÝÇÏ´Â ¼ö¹ý


o °ü·Ã Ãë¾àÁ¡
    - SChannel Spoofing Vulnerability(CVE-2009-0085)

o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - Microsoft Windows 2000 SP4
    - Windows XP SP2, SP3
    - Windows XP Professional x64 Edition, SP2
    - Windows Server 2003 SP1, SP2
    - Windows Server 2003 x64 Edition, SP2
    - Windows Server 2003 with SP1, SP2 for Itanium-based Systems
    - Windows Vista, SP1
    - Windows Vista x64 Edition, SP1
    - Windows Server 2008 for 32-bit Systems
    - Windows Server 2008 for x64-based Systems
    - Windows Server 2008 for Itanium-based Systems

o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-007.mspx

3. DNS¿Í WINS ¼­¹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 962238)

o ¼³ ¸í
MS À©µµ¿ì DNS¿Í WINS ¼­¹ö¿¡¼­ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â DNS ¼­¹ö¿¡ Á¶ÀÛµÈ Äõ¸®¸¦ º¸³»°Å³ª WINS ¼­¹ö¿¡ man-in-the-middle-attackÀ» ÇÏ¿© ÀÎÅÍ³Ý Æ®·¡ÇÈÀÇ °æ·Î¸¦ ¿øÇÏ´Â °÷À¸·Î º¯°æÇÒ ¼ö ÀÖ´Ù.

* WINS(Windows Internet Name Service) ¼­¹ö : TCP/IPȯ°æ¿¡¼­ NetBIOS À̸§(ÄÄÇ»ÅÍ À̸§)À» IP ÁÖ¼Ò¿Í ¼­·Î ¿¬°á½ÃÄÑÁÖ´Â ¿ªÇÒÀ» ÇÏ´Â ¼­¹ö
* man-in-the-middle-attack(Áß°£ÀÚ °ø°Ý) : µÎ ´ç»çÀÚ°£ÀÇ Åë½Å ¸Þ¼¼Áö¸¦ °ø°ÝÀÚ°¡ Áß°£¿¡¼­ ¸¶À½´ë·Î °¡·Îç ¼ö ÀÖ´Â °ø°Ý


o °ü·Ã Ãë¾àÁ¡
    - DNS Server Query Validation Vulnerability(CVE-2009-0233)
    - DNS Server Response Validation Vulnerability(CVE-2009-0234)
    - DNS Server Vulnerability in WPAD Registration Vulnerability(CVE-2009-0093)
    - WPAD WINS Server Registration Vulnerability(CVE-2009-0094)

o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
    - DNS/WINS Server on Microsoft Windows 2000 SP4
    - DNS/WINS Server on Microsoft Windows Server 2003 SP1, SP2
    - DNS/WINS Server on Microsoft Windows Server 2003 x64 Edition, SP2
    - DNS/WINS Server on Microsoft Windows Server 2003 for Itanium-based Systems SP1, SP2
    - DNS Server on Windows Server 2008 for 32-bit Systems
    - DNS Server on Windows Server 2008 for x64-based Systems

o ¿µÇâ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
    - Windows 2000 Professional SP4
    - Windows XP SP2, SP3
    - Windows XP Professional x64 Edition, SP2
    - Microsoft Windows Vista, SP1
    - Microsoft Windows Vista x64 Edition, SP1
    - Microsoft Windows Server 2008 for Itanium-based Systems

o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-008.mspx


¡á Âü°íÁ¤º¸
Microsoft Update
¡æ http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko

 







      << prev     1  2  3  4  5  6  7  8     next >>