customer

HTML / CSS / JAVA / PHP / MAKETING
Á¦ ¸ñ :  [MS ±ä±Þ ÆÐÄ¡ °øÁö] ½Ã½ºÅÛ Àå¾Ç µî ÇØÅ·¿¡ ¾Ç¿ë °¡´ÉÇÑ º¸¾ÈÃë¾àÁ¡ ÆÐÄ¡ ¾È³»
ÀÛ¼ºÀÚ : Any3  knhim@hanmail.net ÀÛ¼ºÀÏ : 2009-03-11 Á¶È¸¼ö : 7354
÷ºÎÆÄÀÏ :
¡á °³ ¿ä

MSÞä´Â 3¿ù 11ÀÏ MS À©µµ¿ì ¹× DNS/Wins ¼­¹ö¿¡¼­ ½Ã½ºÅÛ Àå¾Ç µî ÇØÅ·¿¡ ¾Ç¿ë °¡´ÉÇÑ º¸¾ÈÃë¾à
Á¡ 3°Ç(±ä±Þ 1, Áß¿ä 2)À» ¹ßÇ¥ÇÏ¿´´Â ¹Ù, °¢±Þ±â°üÀº ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ MSÞäÀÇ º¸¾È ¾÷µ¥ÀÌÆ®¸¦
Á¶¼ÓÈ÷ ¼³Ä¡ÇϽñ⠹ٶø´Ï´Ù.

¡á º¸¾È ¾÷µ¥ÀÌÆ®¿¡ Æ÷ÇÔµÈ Ãë¾àÁ¡ ¹× °ü·Ã »çÀÌÆ®


1. À©µµ¿ì Ä¿³Î Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå ½ÇÇà ¹®Á¦Á¡(±ä±Þ, 958690)

o ¼³ ¸í
GDI Ä¿³Î ÄÄÆ÷³ÍÆ®¿¡ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Á¶ÀÛµÈ EMF, WMF À̹ÌÁö ÆÄÀÏÀÌ
Æ÷ÇÔµÈ ¾ÇÀÇÀûÀÎ À¥ÆäÀÌÁö¸¦ ±¸ÃàÇÑ ÈÄ »ç¿ëÀÚÀÇ ¹æ¹®À» À¯µµÇϰųª À̸ÞÀÏ Ã·ºÎÆÄÀÏÀ» ¿­¾îº¸µµ·Ï
À¯µµÇÏ¿© Ãë¾à½Ã½ºÅÛ¿¡ ´ëÇØ ¿ÏÀüÇÑ ±ÇÇÑ È¹µæÀÌ °¡´ÉÇÏ´Ù.

* GDI(Graphics Device Interface) : MS À©µµ¿ì¿¡¼­ È­¸é¿¡ ½ºÅ©·Ñ¹Ù, ¼± µî ¸ðµç ±×·¡ÇÈ °´Ã¼µéÀ»
±×¸®´Â ÀÎÅÍÆäÀ̽º
* WMF(Windows Meta File) : º¤Å͹æ½ÄÀÇ À̹ÌÁö ÆÄÀÏÀ» Áö¿øÇϱâ À§ÇÑ wmf È®ÀåÀÚ¸¦ °¡Áø ÆÄÀÏ·Î
MS Office µîÀÇ Å¬¸³¾ÆÆ®¿¡ ÁÖ·Î ÀÌ¿ë
* EMF(Enhanced Metafile) : WMFÀÇ 32ºñÆ® È®ÀåÇü ÆÄÀÏ Æ÷¸Ë

o °ü·Ã Ãë¾àÁ¡
- Windows Kernel Input Validation Vulnerability(CVE-2009-0081)
- Windows Kernel Handle Validation Vulnerability(CVE-2009-0082)
- Windows Kernel Invalid Pointer Vulnerability(CVE-2009-0083)

o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition, SP2
- Windows Server 2003 SP1, SP2
- Windows Server 2003 x64 Edition, SP2
- Windows Server 2003 with SP1, SP2 for Itanium-based Systems
- Windows Vista, SP1
- Windows Vista x64 Edition, SP1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/Bulletin/MS09-006.mspx

2. SChannel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 960225)

o ¼³ ¸í
SChannel ÀÎÁõ ÄÄÆ÷³ÍÆ®°¡ °øÀÎÀÎÁõ¼­ ±â¹ÝÀÇ ÀÎÁõÀ» ¼öÇàÇÏ´Â °úÁ¤¿¡ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ
Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â Àΰ¡µÈ »ç¿ëÀÚÀÇ °øÀÎÀÎÁõ¼­¸¦ ÀÌ¿ë, ºñ¹ÐÅ° ¾øÀÌ ÀÎÁõÀ» ¿ìȸÇÒ ¼ö ÀÖ´Ù.

* SChannel(Secure Channel) : MS À©µµ¿ì¿¡¼­ ¸Þ½ÃÁö ¹«°á¼º ¹× ±â¹Ð¼ºÀ» À§ÇØ »ç¿ëµÇ´Â º¸¾ÈÇÁ
·ÎÅäÄݷμ­ ÀÎÅÍ³Ý ºê¶ó¿ìÀú¿Í ¼­¹ö¿¡¼­ »ç¿ë
* ½ºÇªÇÎ(Spoofing) : ÀÚ±â ÀÚ½ÅÀÇ ½Äº° Á¤º¸¸¦ ¼Ó¿© ´ë»ó ½Ã½ºÅÛÀ» °ø°ÝÇÏ´Â ¼ö¹ý

o °ü·Ã Ãë¾àÁ¡
- SChannel Spoofing Vulnerability(CVE-2009-0085)

o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- Microsoft Windows 2000 SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition, SP2
- Windows Server 2003 SP1, SP2
- Windows Server 2003 x64 Edition, SP2
- Windows Server 2003 with SP1, SP2 for Itanium-based Systems
- Windows Vista, SP1
- Windows Vista x64 Edition, SP1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-007.mspx

3. DNS¿Í WINS ¼­¹ö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ½ºÇªÇÎ ¹®Á¦Á¡(Áß¿ä, 962238)

o ¼³ ¸í
MS À©µµ¿ì DNS¿Í WINS ¼­¹ö¿¡¼­ ½ºÇªÇÎÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â DNS ¼­¹ö¿¡ Á¶ÀÛ
µÈ Äõ¸®¸¦ º¸³»°Å³ª WINS ¼­¹ö¿¡ man-in-the-middle-attackÀ» ÇÏ¿© ÀÎÅÍ³Ý Æ®·¡ÇÈÀÇ °æ·Î¸¦ ¿øÇÏ´Â
°÷À¸·Î º¯°æÇÒ ¼ö ÀÖ´Ù.

* WINS(Windows Internet Name Service) ¼­¹ö : TCP/IPȯ°æ¿¡¼­ NetBIOS À̸§(ÄÄÇ»ÅÍ À̸§)À» IP
ÁÖ¼Ò¿Í ¼­·Î ¿¬°á½ÃÄÑÁÖ´Â ¿ªÇÒÀ» ÇÏ´Â ¼­¹ö
* man-in-the-middle-attack(Áß°£ÀÚ °ø°Ý) : µÎ ´ç»çÀÚ°£ÀÇ Åë½Å ¸Þ¼¼Áö¸¦ °ø°ÝÀÚ°¡ Áß°£¿¡¼­ ¸¶À½´ë
·Î °¡·Îç ¼ö ÀÖ´Â °ø°Ý

o °ü·Ã Ãë¾àÁ¡
- DNS Server Query Validation Vulnerability(CVE-2009-0233)
- DNS Server Response Validation Vulnerability(CVE-2009-0234)
- DNS Server Vulnerability in WPAD Registration Vulnerability(CVE-2009-0093)
- WPAD WINS Server Registration Vulnerability(CVE-2009-0094)

o ¿µÇâ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
- DNS/WINS Server on Microsoft Windows 2000 SP4
- DNS/WINS Server on Microsoft Windows Server 2003 SP1, SP2
- DNS/WINS Server on Microsoft Windows Server 2003 x64 Edition, SP2
- DNS/WINS Server on Microsoft Windows Server 2003 for Itanium-based Systems SP1, SP2
- DNS Server on Windows Server 2008 for 32-bit Systems
- DNS Server on Windows Server 2008 for x64-based Systems
o ¿µÇâ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î
- Windows 2000 Professional SP4
- Windows XP SP2, SP3
- Windows XP Professional x64 Edition, SP2
- Microsoft Windows Vista, SP1
- Microsoft Windows Vista x64 Edition, SP1
- Microsoft Windows Server 2008 for Itanium-based Systems

o °ü·Ã»çÀÌÆ®
¡æ ¿µ¹® : http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx
¡æ ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS09-008.mspx

¡á Âü°íÁ¤º¸
Microsoft Update
¡æ http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
ÀÌÀü±Û: È£½ºÆà ÀÌÀü ÀÛ¾÷ °øÁö
´ÙÀ½±Û: ¼­¹ö ¾ÈÁ¤È­ ÀÛ¾÷ °øÁö