출처 : 국가사이버안전센터

 

■보안업데이트에포함된취약점및관련사이트

1.ActiveDirectory취약점으로인한원격코드실행문제점(긴급,971055)

    o설명
        ActiveDirectory에원격코드실행취약점이존재하여공격자는취약한시스템에조작된LDAP또는LDAPS요청패킷을전송하여

        해당시스템에대해완전한권한획득이가능하다.
            *ActiveDirectory:사용자,그룹,보안서비스,네트워크자원등을중앙에서관리하는기능을제공
            *LDAP(LightweightDirectoryAccessProtocol):인터넷디렉토리를연결,검색,수정하는데사용하는프로토콜
            *LDAPS(LDAPoverSSL):SSL채널을이용하는LDAP으로암호화통신시사용

    o관련취약점
        -ActiveDirectoryInvalidFreeVulnerability(CVE-2009-1138)
        -ActiveDirectoryMemoryLeakVulnerability(CVE-2009-1139)
    o영향받는소프트웨어
        -ActiveDirectoryonMicrosoftWindows2000ServerSP4
        -ActiveDirectoryApplicationModeonWindowsXPProfessionalSP2,SP3
        -ActiveDirectoryApplicationModeonWindowsXPProfessionalx64EditionSP2
        -ActiveDirectoryonWindowsServer2003SP2
        -ActiveDirectoryApplicationModeonWindowsServer2003SP2
        -ActiveDirectoryonWindowsServer2003x64EditionSP2
        -ActiveDirectoryApplicationModeonWindowsServer2003x64EditionSP2
        -ActiveDirectoryonWindowsServer2003SP2forItanium-basedSystems

    o영향받지않는소프트웨어
        -ActiveDirectoryonWindowsServer2008for32-bitSystems,SP2
        -ActiveDirectoryLightweightDirectoryServiceonWindowsServer2008for32-bitSystems,SP2
        -ActiveDirectoryonWindowsServer2008forx64-basedSystems,SP2
        -ActiveDirectoryLightweightDirectoryServiceonWindowsServer2008forx64-basedSystems,SP2

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-018.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-018.mspx

2.InternetExplorer누적보안업데이트(긴급,969897)

    o설명
        InternetExplorer에원격코드실행취약점이존재하여공격자는해당취약점을이용한악의적인웹페이지를구축한후사용자의

        방문을유도하여취약시스템에대해완전한권한획득이가능하다.

    o관련취약점
        -RaceConditionCross-DomainInformationDisclosureVulnerability(CVE-2007-3091)
        -Cross-DomainInformationDisclosureVulnerability(CVE-2009-1140)
        -DHTMLObjectMemoryCorruption(CVE-2009-1141)
        -HTMLObjectMemoryCorruption(CVE-2009-1528)
        -UninitializedMemoryCorruptionVulnerability(CVE-2009-1529)
        -HTMLObjectsMemoryCorruptionVulnerability(CVE-2009-1530)
        -HTMLObjectMemoryCorruptionVulnerability(CVE-2009-1531)
        -HTMLObjectMemoryCorruptionVulnerability(CVE-2009-1532)
    o영향받는소프트웨어
        -InternetExplorer5.01SP4onMicrosoftWindows2000SP4
        -InternetExplorer6SP1onMicrosoftWindows2000SP4
        -InternetExplorer6onWindowsXPSP2,SP3
        -InternetExplorer6onWindowsXPProfessionalx64EditionSP2
        -InternetExplorer6onWindowsServer2003SP2
        -InternetExplorer6onWindowsServer2003x64EditionSP2
        -InternetExplorer6onWindowsServer2003SP2forItanium-basedSystems
        -InternetExplorer7onWindowsXPSP2,SP3
        -InternetExplorer7onWindowsXPProfessionalx64EditionSP2
        -InternetExplorer7onWindowsServer2003SP2
        -InternetExplorer7onWindowsServer2003x64EditionSP2
        -InternetExplorer7onWindowsServer2003SP2forItanium-basedSystems
        -InternetExplorer7onWindowsVista,SP1,SP2
        -InternetExplorer7onWindowsVistax64Edition,SP1,SP2
        -InternetExplorer7onWindowsServer2008for32-bitSystems,SP2
        -InternetExplorer7onWindowsServer2008forx64-basedSystems,SP2
        -InternetExplorer7onWindowsServer2008forItanium-basedSystems,SP2
        -InternetExplorer8onWindowsXPSP2,SP3
        -InternetExplorer8onWindowsXPProfessionalx64EditionSP2
        -InternetExplorer8onWindowsServer2003SP2
        -InternetExplorer8onWindowsServer2003x64EditionSP2
        -InternetExplorer8onWindowsVista,SP1,SP2
        -InternetExplorer8onWindowsVistax64Edition,SP1,SP2
        -InternetExplorer8onWindowsServer2008for32-bitSystems,SP2
        -InternetExplorer8onWindowsServer2008forx64-basedSystems,SP2

    o관련사이트

        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-019.mspx

3.IIS취약점으로인한권한상승문제점(중요,970483)

    o설명
        IIS에원격코드실행취약점이존재하여공격자는악의적으로조작된HTTP요청을전송하여취약한시스템에접근할수있는권한을

        얻을수있다.
        *IIS(InternetInformationServices):MS社에서제공하는웹서버프로그램
    o관련취약점
        -IIS5.0WebDAVAuthenticationBypassVulnerability(CVE-2009-1122)
        -IIS5.1and6.0WebDAVAuthenticationBypassVulnerability(CVE-2009-1535)
    o영향받는소프트웨어
        -InternetInformationServices5.0onMicrosoftWindows2000ServerSP4
        -InternetInformationServices5.1onWindowsXPProfessionalSP2,SP3
        -InternetInformationServices6.0onWindowsXPProfessionalx64EditionSP2
        -InternetInformationServices6.0onWindowsServer2003SP2
        -InternetInformationServices6.0onWindowsServer2003x64EditionSP2
        -InternetInformationServices6.0onWindowsServer2003SP2forItanium-basedSystems

    o영향받지않는소프트웨어
        -InternetInformationServices7.0onWindowsVista,SP1,SP2
        -InternetInformationServices7.0onWindowsVistax64Edition,SP1,SP2
        -InternetInformationServices7.0onWindowsServer2008for32-bitSystems,SP2
        -InternetInformationServices7.0onWindowsServer2008forx64-basedSystems,SP2
        -InternetInformationServices7.0onWindowsServer2008forItanium-basedSystems,SP2

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-020.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-020.mspx

4.MSOffice엑셀취약점으로인한원격코드실행문제점(긴급,969462)

    o설명
        MSOffice엑셀에서비정상적인레코드가포함된엑셀파일을처리하는과정에원격코드실행취약점이존재하여공격자는조작된엑셀파일이포함된악의적인웹페이지를구축한후사용자의방문을유도하거나이메일첨부파일을열어보도록유도하여취약시스템에대해완전한권한획득이가능하다.

    o관련취약점
        -RecordPointerCorruptionVulnerability(CVE-2009-0549)
        -ObjectRecordCorruptionVulnerability(CVE-2009-0557)
        -ArrayIndexingMemoryCorruptionVulnerability(CVE-2009-0558)
        -StringCopyStack-BasedOverrunVulnerability(CVE-2009-0559)
        -FieldSanitizationMemoryCorruptionVulnerability(CVE-2009-0560)
        -RecordIntegerOverflowVulnerability(CVE-2009-0561)
        -RecordPointerCorruptionVulnerability(CVE-2009-1134)

    o영향받는소프트웨어
        -MicrosoftOffice2000SP3
        -MicrosoftOfficeXPSP3
        -MicrosoftOffice2003SP3
        -2007MicrosoftOfficeSystemSP1,SP2
        -MicrosoftOffice2004forMac
        -MicrosoftOffice2008forMac
        -OpenXMLFileFormatConverterforMac
        -MicrosoftOffice엑셀Viewer2003SP3
        -MicrosoftOffice엑셀Viewer
        -MicrosoftOfficeCompatibilityPackforWord,엑셀,andPowerPoint2007FileFormatsSP1,SP2
        -MicrosoftOfficeSharePointServer2007SP1,SP2(32-biteditions)
        -MicrosoftOfficeSharePointServer2007SP1,SP2(64-biteditions)

    o영향받지않는소프트웨어
        -MicrosoftOfficeConverterPack
        -Works8.5
        -Works9

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-021.mspx

5.MS윈도우PrintSpooler취약점으로인한원격코드실행문제점(긴급,961501)

    o설명
        MS윈도우의PrintSpooler에서RPC요청을처리하는과정에원격코드실행취약점이존재하여공격자는조작된네트워크패킷을전송하여취약시스템에대해완전한권한획득이가능하다.
    o관련취약점
        -BufferOverflowinPrintSpoolerVulnerability(CVE-2009-0228)
        -PrintSpoolerReadFileVulnerability(CVE-2009-0229)
        -PrintSpoolerLoadLibraryVulnerability(CVE-2009-0230)
    o영향받는소프트웨어
        -MicrosoftWindows2000ServerSP4
        -WindowsXPProfessionalSP2,SP3
        -WindowsXPProfessionalx64EditionSP2
        -WindowsServer2003SP2
        -WindowsServer2003x64EditionSP2
        -WindowsServer2003SP2forItanium-basedSystems
        -WindowsVista,SP1,SP2
        -WindowsVistax64Edition,SP1,SP2
        -WindowsServer2008for32-bitSystems,SP2
        -WindowsServer2008forx64-basedSystems,SP2
        -WindowsServer2008forItanium-basedSystems,SP2

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-022.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-022.mspx

6.WindowsSearch취약점으로인한정보유출문제점(보통,963093)

    o설명
        WindowsSearch4.0의파일미리보기기능에취약점이존재하여공격자에의해악의적으로제작된HTML파일이검색결과로보여질경우취약한시스템의정보가노출될수있다.
        *WindowsSearch:PC에저장되어있는문서등각종파일을검색하고미리볼수있도록하는기능을제공
    o관련취약점
        -ScriptExecutioninWindowsSearchVulnerability(CVE-2009-0239)
    o영향받는소프트웨어
        -WindowsSearch4.0onWindowsXPSP2,SP3
        -WindowsSearch4.0onWindowsXPProfessionalx64EditionSP2
        -WindowsSearch4.0onWindowsServer2003SP2
        -WindowsSearch4.0onWindowsServer2003x64EditionSP2
    o영향받지않는소프트웨어
        -WindowsVista,SP1,SP2
        -WindowsVistax64Edition,SP1,SP2
        -WindowsServer2008for32-bitSystems,SP2
        -WindowsServer2008forx64-basedSystems,SP2

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-023.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-023.mspx

    7.MSWorks변환기취약점으로인한원격코드실행문제점(긴급,957632)
    o설명
        MSWorks변환기에서Works(.WPS)파일을처리하는과정에원격코드실행취약점이존재하여공격자는조작된Works파일이포함된악의적인웹페이지를구축한후사용자의방문을유도하거나이메일첨부파일을열어보도록유도하여취약시스템에대해완전한권한획득이가능하다.
        *MSWorks:MSOffice에포함된문서작성프로그램(국내未출시)
    o관련취약점
        -FileConverterBufferOverflowVulnerability(CVE-2009-1533)
    o영향받는소프트웨어
        -MicrosoftOfficeWord2000SP3
        -MicrosoftOfficeWord2002SP3
        -MicrosoftOfficeWord2003SP3withtheMicrosoftWorks6?9FileConverter
        -MicrosoftOfficeWord2007SP1
        -MicrosoftWorks8.5
        -MicrosoftWorks9

    o영향받지않는소프트웨어
        -MicrosoftOffice2007SP2
        -MicrosoftOffice2004forMac
        -MicrosoftOffice2008forMac
        -OpenXMLFileFormatConverterforMac
        -MicrosoftOfficeWordViewer2003SP3
        -MicrosoftOfficeWordViewerSP1,SP2
        -MicrosoftOfficeCompatibilityPackSP1,SP2

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-024.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-024.mspx

8.윈도우커널취약점으로인한권한상승문제점(중요,968537)

    o설명
        윈도우커널에서입력값을검증하는과정등에권한상승취약점이존재하여해당취약점공격에성공한공격자는취약한시스템의커널모드에서악성코드등임의의코드를실행시킬수있다.
    o관련취약점
        -WindowsKernelDesktopVulnerability(CVE-2009-1123)
        -WindowsKernelPointerValidationVulnerability(CVE-2009-1124)
        -WindowsDriverClassRegistrationVulnerability(CVE-2009-1125)
        -WindowsDesktopParameterEditVulnerability(CVE-2009-1126)
    o영향받는소프트웨어
        -MicrosoftWindows2000SP4
        -WindowsXPSP2,SP3
        -WindowsXPProfessionalx64EditionSP2
        -WindowsServer2003SP2
        -WindowsServer2003x64EditionSP2
        -WindowsServer2003forItanium-basedSystemsSP2
        -WindowsVista,SP1,SP2
        -WindowsVistax64Edition,SP1,SP2
        -WindowsServer2008for32-bitSystems,SP2
        -WindowsServer2008forx64-basedSystems,SP2
        -WindowsServer2008forItanium-basedSystems,SP2

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-025.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-025.mspx
9.RPC취약점으로인한권한상승문제점(중요,970238)

    o설명
        MS윈도우의RPC에서내부상태정보를업데이트하는과정에권한상승취약점이존재하여해당취약점공격에성공한공격자는악성코드등을실행시켜취약한시스템에대해완전한권한획득이가능하다.
        *RPC(RemoteProcedureCall):네트워크상의다른시스템에있는프로그램에서비스를요청할때사용하는프로토콜
    o관련취약점
        -RPCMarshallingEngineVulnerability(CVE-2009-0568)
    o영향받는소프트웨어
        -MicrosoftWindows2000SP4
        -WindowsXPSP2,SP3
        -WindowsXPProfessionalx64EditionSP2
        -WindowsServer2003SP2
        -WindowsServer2003x64EditionSP2
        -WindowsServer2003forItanium-basedSystemsSP2
        -WindowsVista,SP1,SP2
        -WindowsVistax64Edition,SP1,SP2
        -WindowsServer2008for32-bitSystems,SP2
        -WindowsServer2008forx64-basedSystems,SP2
        -WindowsServer2008forItanium-basedSystems,SP2

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-026.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-026.mspx

10.MSOffice워드취약점으로인한원격코드실행문제점(긴급,969514)

    o설명
        MS워드에서워드문서를열람하는과정에원격코드실행취약점이존재하여공격자는조작된워드파일이포함된악의적인웹페이지를구축한후사용자의방문을유도하거나이메일첨부파일을열어보도록유도하여취약시스템에대해완전한권한획득이가능하다.
    o관련취약점
        -WordBufferOverflowVulnerability(CVE-2009-0563)
        -WordBufferOverflowVulnerability(CVE-2009-0565)
    o영향받는소프트웨어
        -MicrosoftOfficeWord2000SP3
        -MicrosoftOfficeWord2002SP3
        -MicrosoftOfficeWord2003SP3
        -MicrosoftOfficeWord2007SP1,SP2
        -MicrosoftOffice2004forMac
        -MicrosoftOffice2008forMac
        -OpenXMLFileFormatConverterforMac
        -MicrosoftOfficeWordViewer2003SP3
        -MicrosoftOfficeWordViewer
        -MicrosoftOfficeCompatibilityPackSP1,SP2

    o영향받지않는소프트웨어
        -MicrosoftWorks8.5
        -MicrosoftWorks9

    o관련사이트
        →영문:http://www.microsoft.com/technet/security/Bulletin/MS09-027.mspx
        →한글:http://www.microsoft.com/korea/technet/security/bulletin/MS09-027.mspx

신고
Posted by hotpoto

티스토리 툴바