|
|
 
| Á¦¸ñ |
[MS º¸¾È¾÷µ¥ÀÌÆ®]2011³â 2¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í |
Á¶È¸¼ö |
2,813°Ç |
[MS11-003] Internet Explorer ´©Àû º¸¾È ¾÷µ¥ÀÌÆ®
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡à ¼³¸í
o °ø°³µÈ Ãë¾àÁ¡ 2°³¸¦ Æ÷ÇÔÇÑ ÃÑ 4°³ÀÇ Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ À¥ÆäÀÌÁö¸¦ »ç¿ëÀÚ°¡ ¿¾îº¸µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- CSS Memory Corruption Vulnerability - CVE-2010-3971
- Uninitialized Memory Corruption Vulnerability - CVE-2011-0035
- Uninitialized Memory Corruption Vulnerability - CVE-2011-0036
- Internet Explorer Insecure Library Loading Vulnerability - CVE-2011-0038
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Internet Explorer 6 with Windows XP SP3
- Internet Explorer 6 with Windows Pro x64 SP2
- Internet Explorer 6 with Windows Server 2003 SP2
- Internet Explorer 6 with Windows Server 2003 x64 SP2
- Internet Explorer 6 with Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows XP SP3
- Internet Explorer 7 with Windows Pro x64 SP2
- Internet Explorer 7 with Windows Server 2003 SP2
- Internet Explorer 7 with Windows Server 2003 x64 SP2
- Internet Explorer 7 with Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows Vista SP1, SP2
- Internet Explorer 7 with Windows Vista x64 SP1, SP2
- Internet Explorer 7 with Windows Server 2008, SP2
- Internet Explorer 7 with Windows Server 2008 x64, SP2
- Internet Explorer 7 with Windows Server for Itanium-based Systems, SP2
- Internet Explorer 8 with Windows XP SP3
- Internet Explorer 8 with Windows XP Pro x64 SP2
- Internet Explorer 8 with Windows Server 2003 SP2
- Internet Explorer 8 with Windows Server 2003 x64 SP2
- Internet Explorer 8 with Windows Vista SP1, SP2
- Internet Explorer 8 with Windows Vista x64 SP1, SP2
- Internet Explorer 8 with Windows Server 2008 SP1, SP2
- Internet Explorer 8 with Windows Server 2008 x64 SP1, SP2
- Internet Explorer 8 with Windows 7
- Internet Explorer 8 with Windows 7 x64
- Internet Explorer 8 with Windows Server 2008 R2 for x64
- Internet Explorer 8 with Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-003.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-003.mspx
[MS11-004] Internet Information Services Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o IIS FTP ¼ºñ½ºÀÇ FTP ¼¹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ FTP ¸í·ÉÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
¡Ø IIS(Internet Information Services) : FTP, SMTP, NNTP, HTTP/HTTPS µîÀÇ ÇÁ·ÎÅäÄÝÀ» Áö¿øÇÏ´Â MSÀÇ ÀÎÅÍ³Ý Á¤º¸ ¼ºñ½º
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ FTP ¸í·ÉÀ» Àü¼ÛÇÏ¿© ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- IIS FTP Service Heap Buffer Overrun Vulnerability - CVE-2010-3972
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- IIS FTP 7.0, 7.5 on Windows Vista SP1, SP2
- IIS FTP 7.0, 7.5 on Windows Vista x64 Edition SP1, SP2
- IIS FTP 7.0, 7.5 on Windows Server 2008 for 32-bit Systems, SP2
- IIS FTP 7.0, 7.5 on Windows Server 2008 for x64-based Systems, SP2
- IIS FTP 7.5 on Windows 7 for 32-bit Systems
- IIS FTP 7.5 on Windows 7 for x64-based Systems
- IIS FTP 7.5 on Windows Server 2008 R2 for x64-based Systems
- IIS FTP 7.5 on Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- IIS FTP 5.1 on Windows XP SP3
- IIS FTP 5.1 on Windows XP Professional x64 Edition SP2
- IIS FTP 6.0 on Windows Server 2003 SP2
- IIS FTP 6.0 on Windows Server 2003 x64 Edition SP2
- IIS FTP 6.0 on Windows Server 2003 with SP2 for Itanium-based Systems
- IIS FTP 6.0 on Windows Vista SP1, SP2
- IIS FTP 6.0 on Windows Vista x64 Edition SP1, SP2
- IIS FTP 6.0 on Windows Server 2008 for 32-bit Systems, SP2
- IIS FTP 6.0 on Windows Server 2008 for x64-based Systems, SP2
- IIS FTP 6.0 on Windows Server 2008 for Itanium-based Systems, SP2
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-004.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-004.mspx
[MS11-005] Active Directory Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼ºñ½º°ÅºÎ ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¼ºñ½º°ÅºÎ »óÅ·Π¸¸µé ¼ö ÀÖÀ½
¡à ¼³¸í
o Active Directory ¼¹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÐŶÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¼ºñ½º°ÅºÎ Ãë¾àÁ¡ÀÌ ¹ß»ý
¡Ø Active Directory : À©µµ¿ì ¿î¿µÃ¼Á¦¿¡¼ »ç¿ëÀÚ, »ç¿ëÀÚ ±×·ì, ³×Æ®¿÷ µ¥ÀÌÅÍ µîÀ» Çϳª·Î ÅëÇÕ °ü¸®ÇÏ´Â µð·ºÅ丮 ¼ºñ½º
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆÐŶÀ» Àü¼ÛÇÏ¿© ¼ºñ½º°ÅºÎ ¹ß»ý°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Active Directory SPN Validation Vulnerability - CVE-2011-0040
o ¿µÇâ : ¼ºñ½º°ÅºÎ
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Active Directory on Windows Server 2003 SP2
- Active Directory on Windows Server 2003 x64 Edition SP2
- Active Directory on Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- ADAM on Windows XP SP3
- ADAM on Windows XP Professional x64 Edition SP2
- ADAM on Windows Server 2003 SP2
- ADAM on Windows Server 2003 x64 Edition SP2
- AD LDS on Windows Vista SP1, SP2
- AD LDS on Windows Vista x64 Edition SP1, SP2
- AD, AD LDS on Windows Server 2008 for 32-bit Systems, SP2
- AD, AD LDS on Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- AD LDS on Windows 7 for 32-bit Systems
- AD LDS on Windows 7 for x64-based Systems
- AD, AD LDS Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-005.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-005.mspx
[MS11-006] Windows Shell Graphics Processor Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡à ¼³¸í
o Windows Shell Graphics Processor°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
¡Ø Windows Shell Graphics Processor : À©µµ¿ì ¿î¿µÃ¼Á¦¿¡¼ Ž»ö±â¿¡ À̹ÌÁö ÆÄÀÏÀ» °£·«ÇÏ°Ô º¸¿©ÁÖ±â À§ÇØ »ç¿ëµÇ´Â ¸ðµâ
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À̹ÌÁö ÆÄÀÏÀ» »ç¿ëÀÚ°¡ ¿¾îº¸µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Windows Shell Graphics Processing Overrun Vulnerability - CVE-2010-3970
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-006.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-006.mspx
[MS11-007] OpenType Compact Font Format µå¶óÀ̹öÃë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o OpenType Compact Font Format µå¶óÀ̹ö°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆùÆ®¸¦ ÀÌ¿ëÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
¡Ø OpenType Compact Font Format : MS À©µµ¿ì¿Í ¾ÖÇà MAC ¿î¿µÃ¼°è¿¡¼ »ç¿ëµÇ´Â Æ®·çŸÀÔ ÆùÆ® ÆÄÀÏ Çü½ÄÀ» È®ÀåÇÑ ±Û²Ã ÆÄÀÏ Çü½Ä
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ÆùÆ®¸¦ »ç¿ëÀÚ°¡ »ç¿ëÇϵµ·Ï À¯µµÇÏ¿© ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- OpenType Font Encoded Character Vulnerability - CVE-2011-0033
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : ±ä±Þ
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-007.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-007.mspx
[MS11-008] Microsoft Visio Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇà °¡´É
¡à ¼³¸í
o Microsoft Visio°¡ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Visio ÆÄÀÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¿ø°ÝÄÚµå½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ Á¸Àç
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ Visio ÆÄÀÏÀ» »ç¿ëÀÚ°¡ ¿¾îº¸µµ·Ï À¯µµÇÏ¿© ·Î±×¿Â »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¿ø°ÝÄÚµå ½ÇÇà°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Visio Object Memory Corruption Vulnerability - CVE-2011-0092
- Visio Data Type Memory Corruption Vulnerability - CVE-2011-0093
o ¿µÇâ : ¿ø°ÝÄÚµå½ÇÇà
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Visio 2002 SP2
- Microsoft Visio 2003 SP3
- Microsoft Visio 2007 SP2
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Visio 2010 (32-bit editions)
- Microsoft Visio 2010 (64-bit editions)
- Microsoft Visio 2007 Viewer
- Microsoft Visio 2010 Viewer
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-008.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-008.mspx
[MS11-009] JScript/VBScript Scripting ¿£Áø Ãë¾àÁ¡À¸·Î ÀÎÇÑ Á¤º¸´©Ãâ ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇÑ Á¤º¸´©Ãâ
¡à ¼³¸í
o JScript/VBScript Scripting ¿£ÁøÀÌ Æ¯¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼ Á¤º¸´©Ãâ Ãë¾àÁ¡ÀÌ ¹ß»ý
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ÆäÀÌÁö¸¦ »ç¿ëÀÚ°¡ ¿¾îº¸µµ·Ï À¯µµÇÏ¿© Á¤º¸´©Ã⠹߻ý°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Scripting Engines Information Disclosure Vulnerability - CVE-2011-0031
o ¿µÇâ : Á¤º¸´©Ãâ
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-009.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-009.mspx
[MS11-010] Windows Client/Server Run-time Subsystem Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows¿¡¼ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Client/Server Run-time SubsystemÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý
¡Ø Windows Client/Server Run-time Subsystem : Win32 ¼ºê½Ã½ºÅÛÀÇ »ç¿ëÀÚ¸ðµå ºÎºÐÀ¸·Î ÄÜ¼Ö À©µµ¿ì, ½º·¹µåÀÇ »ý¼º/»èÁ¦ µî¿¡ °ü¿©Çϸç Ç×»ó ½ÇÇàµÇ¾î¾ß ÇÏ´Â ±âº»ÀûÀÎ ¼ºê½Ã½ºÅÛ
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
o °ü·ÃÃë¾àÁ¡ :
- CSRSS Elevation of Privilege Vulnerability - CVE-2011-0030
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-010.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-010.mspx
[MS11-011] Windows Kernel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows¿¡¼ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Windows KernelÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Driver Improper Interaction with Windows Kernel Vulnerability - CVE-2010-4398
- Windows Kernel Integer Truncation Vulnerability - CVE-2011-0045
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-011.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-011.mspx
[MS11-012] Windows Kernel-Mode µå¶óÀ̹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows¿¡¼ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Windows Kernel-Mode µå¶óÀ̹öÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ»ó½ÂÀÌ ¹ß»ý
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Win32k Improper User Input Validation Vulnerability - CVE-2011-0086
- Win32k Insufficient User Input Validation Vulnerability - CVE-2011-0087
- Win32k Window Class Pointer Confusion Vulnerability - CVE-2011-0088
- Win32k Window Class Improper Pointer Validation Vulnerability - CVE-2011-0089
- Win32k Memory Corruption Vulnerability - CVE-2011-0090
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-012.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-012.mspx
[MS11-013] Kerberos Ãë¾àÁ¡À¸·Î ÀÎÇÑ ±ÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows¿¡¼ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¼ºñ½º°¡ µ¿ÀÛÇÏ´Â °úÁ¤ Áß, KerberosÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ±ÇÇÑ »ó½ÂÀÌ ¹ß»ý
¡Ø Kerberos : °³¹æµÈ ÄÄÇ»ÅÍ ³×Æ®¿öÅ© ³»¿¡¼ ¼ºñ½º ¿ä±¸¸¦ ÀÎÁõÇϱâ À§ÇÑ ¹æ¹ý
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¼ºñ½º¸¦ »ç¿ëÀÚ°¡ »ç¿ëÇϵµ·Ï À¯µµÇÏ¿© ±ÇÇÑ»ó½Â ¹ß»ý°¡´É
o °ü·ÃÃë¾àÁ¡ :
- Kerberos Unkeyed Checksum Vulnerability - CVE-2011-0043
- Kerberos Spoofing Vulnerability - CVE-2011-0091
o ¿µÇâ : ±ÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-013.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-013.mspx
[MS11-014] Local Security Authority Subsystem Service Ãë¾àÁ¡À¸·Î ÀÎÇÑ ·ÎÄñÇÇÑ»ó½Â ¹®Á¦
¡à ¿µÇâ
o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæ
¡à ¼³¸í
o Windows¿¡¼ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀÌ ½ÇÇàµÇ´Â °úÁ¤ Áß, Local Security Authority Subsystem ServiceÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ ·ÎÄñÇÇÑ»ó½ÂÀÌ ¹ß»ý
¡Ø Local Security Authority Subsystem Service : ·ÎÄà º¸¾È, µµ¸ÞÀÎ ÀÎÁõ, ¿¢Æ¼ºê µð·ºÅ丮 ¼ºñ½º ÇÁ·Î¼¼½º µîÀ» °ü¸®Çϱâ À§ÇÑ ÀÎÅÍÆäÀ̽º¸¦ Á¦°øÇÏ´Â ¼ºñ½º
o °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛµÈ ¾îÇø®ÄÉÀ̼ÇÀ» »ç¿ëÀÚ°¡ ½ÇÇàÇϵµ·Ï À¯µµÇÏ¿© ·ÎÄñÇÇÑ»ó½Â ¹ß»ý°¡´É
o °ü·ÃÃë¾àÁ¡ :
- LSASS Length Validation Vulnerability - CVE-2011-0039
o ¿µÇâ : ·ÎÄñÇÇÑ»ó½Â
o Áß¿äµµ : Áß¿ä
¡à ÇØ´ç½Ã½ºÅÛ
o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems
o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
¡à ÇØ°áÃ¥
o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë
¡à ÂüÁ¶»çÀÌÆ®
o ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS11-014.mspx
o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS11-014.mspx
|
|
