È£½ºÆà ȣ½ºÆà µµ¸ÞÀÎ ¸¶ÀÌÆäÀÌÁö °í°´¼¾ÅÍ

È£½ºÆà ¼¾ÅÍ Å¸ÀÌƲ
°ßÀû¿äû
È£½ºÆÿ¬Àå µµ¸ÞÀο¬Àå È£½ºÆÿ¬Àå µµ¸ÞÀο¬Àå
ÅëÇÕÀ¥FTPÁ¢¼Ó
  • ³×ÀÓ¼­¹ö
  • 1Â÷
    hns1.nsgodo.com
    IP: 180.210.127.112
  • 2Â÷
    hns2.nsgodo.com
    IP: 211.233.51.3
°í°´¼¾ÅÍ Àå¾Ö½Å°í
¾È³çÇϼ¼¿ä. nhngodo ÀÔ´Ï´Ù. Á¤ºÎ¿¡¼­ 2020³â±îÁö °ø°øºÐ¾ß ¹× ¹Î°£À¥»çÀÌÆ® ¾×Ƽºêx ÆóÁö ¹× °³¼± ±Ç°í¾È³»·Î ÀÎÇØ ¾×ƼºêX·Î ±¸ÇöµÇ¾î Àִ ȣ½ºÆÃ¿ë °íµµ ÅëÇÕ À¥ FTP Á¦°øÀ» 2019³â¿¡ Á¾·á ¿¹Á¤¿¡ ÀÖ½À´Ï´Ù. ÃßÈÄ ´õ ÁÁÀº ¼­ºñ½º·Î Á¦°ø ¿¹Á¤ÀÌ¿À´Ï ¸¹Àº ¾çÇØ ºÎŹ µå¸®¸ç, ÀÌ¿¡ µû¶ó ÇØ´ç °íµµ FTP ´ë½Å ¾Æ·¡ ¸µÅ©¸¦ ÅëÇÏ¿© FTP ÇÁ·Î±×·¥À» ¼³Ä¡ÇÏ¿© »ç¿ëÇϽñ⸦ ±ÇÀåÇص帳´Ï´Ù. ¾×ƼºêX¶õ? Internet Explore »ç¿ëÀÚ°¡ À¥¼­ºñ½º¸¦ ÀÌ¿ëÇϴµ¥ ÇÊ¿äÇÑ ÀÀ¿ë ÇÁ·Î±×·¥À» ÄÄÇ»ÅÍ¿¡ ÀÚµ¿À¸·Î ¼³Ä¡ÇØÁÖ´Â ±â¼ú·Î ÄÄÇ»ÅÍÀÇ º¸¾ÈÀ» ÀϽÃÀûÀ¸·Î ÇØÁ¦ÇÏ´Â ±â´ÉÀÌ ÀÖ¾î º¸¾È¿¡ Ãë¾àÇÏ¿© Á¤ºÎ¿¡¼­µµ ¾×Ƽºê X¸¦ ÆóÁöÇ϶ó°í ±Ç°íÇÏ°í ÀÖ½À´Ï´Ù.
FTP ÇÁ·Î±×·¥ (¹«·áÇü ÇÁ·Î±×·¥) ´Ù¿î·Îµå ¹Ù·Î°¡±â
  • FileZilla ´Ù¿î·Îµå
  • FileZilla ¸Å´º¾ó ´Ù¿î·Îµå
´Ý±â
Á¦¸ñ [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 2¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í Á¶È¸¼ö 2,197°Ç
[MS10-003] MS Office Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o MS Office°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Office ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Office ÆÄÀÏÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - MSO.DLL Buffer Overflow - CVE-2010-0243 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : Áß¿ä ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Office XP SP3 - Microsoft Office 2004 for Mac o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Office 2003 SP3 - 2007 Microsoft Office SP1, SP2 - Microsoft Office 2008 for Mac - Open XML File Format Converter for Mac - Microsoft Office Excel Viewer SP1, SP2 - Microsoft Office Word Viewer - PowerPoint Viewer 2007 SP1, SP2 - Visio Viewer 2007 SP1, SP2 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, SP2 - Microsoft Works 8.5 - Microsoft Works 9 ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-003.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-003.mspx [MS10-004] MS PowerPoint Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o MS PowerPoint°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ PowerPoint ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ PowerPoint ÆÄÀÏÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - PowerPoint File Path Handling Buffer Overflow Vulnerability - CVE-2010-0029 - PowerPoint LinkedSlideAtom Heap Overflow Vulnerability - CVE-2010-0030 - PowerPoint OEPlaceholderAtom placementId Invalid Array Indexing Vulnerability - CVE- 2010-0031 - PowerPoint OEPlaceholderAtom Use After Free Vulnerability - CVE-2010-0032 - PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability - CVE-2010-0033 - Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability - CVE-2010- 0034 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : Áß¿ä ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Office XP SP3 - Microsoft Office 2003 SP3 - Microsoft Office 2004 for Mac o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Office PowerPoint 2007 SP1, SP2 - Microsoft Office 2008 for Mac - Open XML File Format Converter for Mac - PowerPoint Viewer 2007 SP1, SP2 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, SP2 - Microsoft Works 8.5 - Microsoft Works 9 ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-004.mspx [MS10-005] MS Paint Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o MS Paint°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ JPEG ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ JPEG ÆÄÀÏÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - MS Paint Integer Overflow Vulnerability - CVE-2010-0028 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : º¸Åë ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows Vista, SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-005.mspx [MS10-006] SMB Client Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o À©µµ¿ìÁîÀÇ SMB Clinet ¸ðµâÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ SMB ÀÀ´äÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø SMB (Server Message Block): Microsoft Windows¿¡¼­ »ç¿ëÇÏ´Â ³×Æ®¿öÅ© ÆÄÀÏ °øÀ¯ ÇÁ·ÎÅäÄÝ o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ SMB ÀÀ´äÀ» Ãë¾àÇÑ ½Ã½ºÅÛ¿¡ ¹ß¼ÛÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - SMB Client Pool Corruption Vulnerability - CVE-2010-0016 - SMB Client Race Condition Vulnerability - CVE-2010-0017 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : ±ä±Þ ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista SP1, SP2 - Windows Vista x64 Edition SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-006.mspx [MS10-007] Shell Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o À©µµ¿ìÁîÀÇ Shell ¸ðµâÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ µ¥ÀÌÅ͸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø Shell: »ç¿ëÀÚÀÇ ¸í·ÉÀ» Çؼ®ÇÏ¿© Ä¿³Î¿¡ Àü´ÞÇÏ¿© ÁÖ°í, ¸í·ÉÀ» ½ÇÇà½ÃÄÑ ÁÖ´Â ¸í·É¾î Çؼ®±â o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ µ¥ÀÌÅ͸¦ Ãë¾àÇÑ ½Ã½ºÅÛ¿¡ ¹ß¼ÛÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà °¡´É o °ü·ÃÃë¾àÁ¡ - URL Validation Vulnerability - CVE-2010-0027 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : ±ä±Þ ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-007.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-007.mspx [MS10-008] ActiveX Kill Bits ´©Àû º¸¾È¾÷µ¥ÀÌÆ® ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ´Â ActiveX ÄÁÆ®·ÑÀÌ »ç¿ëµÈ À¥ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ °Ô½ÃÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - Microsoft Data Analyzer ActiveX Control Vulnerability - CVE-2010-0252 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : ±ä±Þ ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-008.mspx [MS10-009] TCP/IP Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o À©µµ¿ìÁîÀÇ TCP/IP ¸ðµâÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ ICMPv6 ÆÐŶÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø ICMPv6: ÀÎÅÍ³Ý ÇÁ·ÎÅäÄÝ ¹öÀü 6¿ë ICMP ¡Ø ICMP (Internet Control Message Protocol): È£½ºÆ® ¼­¹ö¿Í ÀÎÅÍ³Ý °ÔÀÌÆ®¿þÀÌ »çÀÌ¿¡¼­ ¸Þ½ÃÁö¸¦ Á¦¾îÇÏ°í ¿¡·¯¸¦ ¾Ë·ÁÁÖ´Â ÇÁ·ÎÅäÄÝ o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ICMPv6 ÆÐŶÀ» Ãë¾àÇÑ ½Ã½ºÅÛ¿¡ ¹ß¼ÛÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°Ý ÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - ICMPv6 Router Advertisement Vulnerability - CVE-2010-0239 - Header MDL Fragmentation Vulnerability – CVE-2010-0240 - ICMPv6 Route Information Vulnerability - CVE-2010-0241 - TCP/IP Selective Acknowledgement Vulnerability – CVE-2010-0242 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : ±ä±Þ ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-009.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-009.mspx [MS10-010] Hyper-V Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º °ÅºÎ ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼­ºñ½º °ÅºÎ À¯¹ß ¡à ¼³¸í o Hyper-V¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ±â°è¾î°¡ ½ÇÇàµÇ´Â °úÁ¤¿¡¼­ ¼­ºñ½º °ÅºÎ°¡ ¹ß»ý °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø Hyper-V : MicrosoftÀÇ °¡»óÈ­ ±â¼ú o °ø°ÝÀÚ°¡ °¡»ó¸Ó½Å¿¡ ·Î±×ÀÎÇÑ µÚ, Ư¼öÇÏ°Ô Á¶ÀÛµÈ ±â°è¾î¸¦ ½ÇÇàÇÏ¿© ¼­ºñ½º °ÅºÎ ¹ß»ý°¡´É o °ü·ÃÃë¾àÁ¡ : - Hyper-V Instruction Set Validation Vulnerability - CVE-2010-0026 o ¿µÇâ : ¼­ºñ½º °ÅºÎ o Áß¿äµµ : Áß¿ä ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 R2 for x64-based Systems o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-010.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-010.mspx [MS10-011] CSRSS Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ »ó½Â ¹®Á¦ ¡à ¿µÇâ o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ Ä¿³Î ¸ðµå¿¡¼­ ÀÓÀÇÀÇ ÄÚµå ½ÇÇà ¡à ¼³¸í o À©µµ¿ìÁîÀÇ CSRSS ¸ðµâ¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø CSRSS (Client Server Run-Time Subsystem): ½Ã½ºÅÛ ¾²·¹µåÀÇ »ý¼º°ú »èÁ¦, Win32 ÄÜ¼Ö À©µµ¿ì Á¦¾î, 16ºñÆ® °¡»ó¸Ó½Å ó¸® µîÀ» ´ã´çÇÏ´Â Ä¿³Î¸ðµâ o °ø°ÝÀÚ´Â »ç¿ëÀÚ ±ÇÇÑÀ» ȹµæÇÑ ÈÄ, Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» ½ÇÇàÇÏ¿© Ä¿³Î ¸ðµå¿¡¼­ ÀÓÀÇÀÇ ÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - CSRSS Local Privilege Elevation Vulnerability – CVE-2010-0023 o ¿µÇâ : ±ÇÇÑ »ó½Â o Áß¿äµµ : Áß¿ä ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-011.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-011.mspx [MS10-012] SMB Server Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o À©µµ¿ìÁîÀÇ SMB Server ¸ðµâÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ SMB ÆÐŶÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø SMB (Server Message Block): Microsoft Windows¿¡¼­ »ç¿ëÇÏ´Â ³×Æ®¿öÅ© ÆÄÀÏ °øÀ¯ ÇÁ·ÎÅäÄÝ o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ SMB ÆÐŶÀ» Ãë¾àÇÑ ½Ã½ºÅÛ¿¡ ¹ß¼ÛÇÏ¿© »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - SMB Pathname Overflow Vulnerability - CVE-2010-0020 - SMB Memory Corruption Vulnerability - CVE-2010-0021 - SMB Null Pointer Vulnerability - CVE-2010-0022 - SMB NTLM Authentication Lack of Entropy Vulnerability - CVE-2010-0231 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : Áß¿ä ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-012.mspx [MS10-013] DirectShow Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ ¡à ¼³¸í o DirectShow°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ AVI ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¿ø°ÝÄڵ尡 ½ÇÇà °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø DirectShow: ¸ÖƼ¹Ìµð¾î ½ºÆ®¸²ÀÇ °í¼º´É ĸÃÄ¿Í Àç»ýÀ» °¡´ÉÇÏ°Ô ÇØÁÖ´Â ±â¼ú o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ AVI ÆÄÀÏÀ» À¯Æ÷ÇÏ¿© »ç¿ëÀÚ°¡ ¿­¾îº¸µµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ - DirectShow Heap Overflow Vulnerability - CVE-2010-0250 o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà o Áß¿äµµ : ±ä±Þ ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Microsoft Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-013.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-013.mspx [MS10-014] Kerberos Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º °ÅºÎ ¹®Á¦ ¡à ¿µÇâ o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼­ºñ½º °ÅºÎ À¯¹ß ¡à ¼³¸í o À©µµ¿ìÁîÀÇ Kerberos ¸ðµâ¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¿äûÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ¼­ºñ½º °ÅºÎ°¡ ¹ß»ý °¡´ÉÇÑ ¹®Á¦Á¡ ¡Ø Kerberos: À©µµ¿ìÁî¿¡¼­ »ç¿ëÇÏ´Â ±âº» »ç¿ëÀÚ ÀÎÁõ ÇÁ·ÎÅäÄÝ o °ø°ÝÀÚ°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¿äûÀ» Ãë¾àÇÑ ½Ã½ºÅÛ¿¡ ¹ß¼ÛÇÏ¿© ¼­ºñ½º °ÅºÎ ¹ß»ý°¡´É o °ü·ÃÃë¾àÁ¡ : - Kerberos Null Pointer Dereference Vulnerability - CVE-2010-0035 o ¿µÇâ : ¼­ºñ½º °ÅºÎ o Áß¿äµµ : Áß¿ä ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 Server SP4 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems, SP2 o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 Professional SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-014.mspx [MS10-015] À©µµ¿ìÁî Ä¿³Î Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ »ó½Â ¹®Á¦ ¡à ¿µÇâ o »ç¿ëÀÚ ±ÇÇÑÀ» °¡Áø °ø°ÝÀÚ°¡ Ä¿³Î ¸ðµå¿¡¼­ ÀÓÀÇÀÇ ÄÚµå ½ÇÇà ¡à ¼³¸í o À©µµ¿ìÁîÀÇ Ä¿³Î ¸ðµâ¿¡¼­ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý °¡´ÉÇÑ ¹®Á¦Á¡ o °ø°ÝÀÚ´Â »ç¿ëÀÚ ±ÇÇÑÀ» ȹµæÇÑ ÈÄ, Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» ½ÇÇàÇÏ¿© Ä¿³Î ¸ðµå¿¡¼­ ÀÓÀÇÀÇ ÄÚµå ½ÇÇà°¡´É o °ü·ÃÃë¾àÁ¡ : - Windows Kernel Exception Handler Vulnerability - CVE-2010-0232 - Windows Kernel Double Free Vulnerability - CVE-2010-0233 o ¿µÇâ : ±ÇÇÑ »ó½Â o Áß¿äµµ : Áß¿ä ¡à ÇØ´ç½Ã½ºÅÛ o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î - Windows 2000 SP4 - Windows XP SP2, SP3 - Windows XP Professional x64 Edition SP2 - Windows Server 2003 SP2 - Windows Server 2003 x64 Edition SP2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista SP1, SP2 - Windows Vista x64 Edition, SP1, SP2 - Windows Server 2008 for 32-bit Systems, SP2 - Windows Server 2008 for x64-based Systems SP2 - Windows Server 2008 for Itanium-based Systems, SP2 - Windows 7 for 32-bit Systems o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î - Windows 7 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for Itanium-based Systems ¡à ÇØ°áÃ¥ o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë ¡à ÂüÁ¶»çÀÌÆ® o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS10-015.mspx