CISA, KEV ¸ñ·Ï ¾÷µ¥ÀÌÆ®ÇÏ¸ç ·£¼¶¿þ¾î ¾Ç¿ë »ç½Ç ¸í½Ã
[º¸¾È´º½º °ÃÊÈñ ±âÀÚ] ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® µðÆæ´õ(Microsoft Defender)ÀÇ BlueHammer(CVE-2026-33825) Ãë¾àÁ¡ÀÌ ½ÇÁ¦ ·£¼¶¿þ¾î °ø°Ý¿¡ ¾Ç¿ëµÈ °ÍÀ¸·Î È®ÀεƴÙ.

¹Ì±¹ »çÀ̹öº¸¾È ¹× ÀÎÇÁ¶óº¸¾È±¹(CISA)Àº ÃÖ±Ù ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ KEV(Known Exploited Vulnerabilities, ½ÇÁ¦ ¾Ç¿ëÀÌ È®ÀÎµÈ Ãë¾àÁ¡) ¸ñ·ÏÀ» ¾÷µ¥ÀÌÆ®Çϸç, BlueHammer°¡ ·£¼¶¿þ¾î °ø°Ý Ä·ÆäÀο¡ Ȱ¿ëµÆ´Ù°í ¹àÇû´Ù.
BlueHammer´Â ÃÖ±Ù º¸¾È ¿¬±¸ÀÚ Chaotic Eclipse¿Í Nightmare Eclipse°¡ °ø°³ÇÑ ¿©·¯ ÀͽºÇ÷ÎÀÕ °¡¿îµ¥ Çϳª´Ù. ÇØ´ç ¿¬±¸ÀÚ´Â ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®ÀÇ Ãë¾àÁ¡ ´ëÀÀ ¹æ½Ä¿¡ ºÒ¸¸À» Á¦±âÇϸç, º¸¾È ÆÐÄ¡°¡ ¹èÆ÷µÇ±â Àü¿¡ ¿©·¯ Ãë¾àÁ¡ Á¤º¸¸¦ °ø°³ÇØ ¿Ô´Ù.
CVE-2026-33825´Â Áö³ 4¿ù 2ÀÏ °ø°³µÆÀ¸¸ç, ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®´Â °°Àº ´Þ 14ÀÏ º¸¾È ÆÐÄ¡¸¦ ¹èÆ÷Çß´Ù. ´ç½Ã ȸ»ç´Â ÀÎÁõµÈ °ø°ÝÀÚ°¡ ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ ±ÇÇÑ »ó½Â(Privilege Escalation) °ø°ÝÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù°í ¼³¸íÇß´Ù.
¸¶ÀÌÅ©·Î¼ÒÇÁÆ®´Â ÀÌÈÄ 4¿ù 30ÀÏ º¸¾È ±Ç°í¹®À» ¾÷µ¥ÀÌÆ®ÇÏ¸é¼ ÇØ´ç Ãë¾àÁ¡ÀÇ ¾Ç¿ë °¡´É¼ºÀÌ ³ô´Ù°í Æò°¡ÇßÁö¸¸, ½ÇÁ¦ °ø°Ý »ç·Ê°¡ È®Àεƴٴ »ç½ÇÀº °ø°³ÇÏÁö ¾Ê¾Ò´Ù.
¹Ý¸é º¸¾È±â¾÷ Ç寮¸®½º(Huntress)´Â ÀÌ Ãë¾àÁ¡ÀÌ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®ÀÇ ÆÐÄ¡°¡ ¹èÆ÷µÇ±â Àü Á¦·Îµ¥ÀÌ(Zero-day) »óÅ¿¡¼ ÀÌ¹Ì ½ÇÁ¦ °ø°Ý¿¡ ¾Ç¿ëµÈ »ç½ÇÀ» È®ÀÎÇß´Ù°í ¹àÇû´Ù.
CISA´Â Áö³ 4¿ù 22ÀÏ BlueHammer¸¦ KEV ¸ñ·Ï¿¡ Ãß°¡ÇÑ µ¥ À̾î ÃÖ±Ù ¸ñ·ÏÀ» ¼öÁ¤ÇØ ÀÌ Ãë¾àÁ¡ÀÌ ·£¼¶¿þ¾î °ø°Ý¿¡µµ Ȱ¿ëµÆ´Ù´Â ³»¿ëÀ» Ãß°¡Çß´Ù. ´Ù¸¸ ÇöÀç±îÁö ¾î¶² ·£¼¶¿þ¾î Á¶Á÷ÀÌ CVE-2026-33825¸¦ ¾Ç¿ëÇß´ÂÁö´Â È®ÀεÇÁö ¾Ê¾Ò´Ù. ÇØ´ç Ãë¾àÁ¡ÀÇ ±¸Ã¼ÀûÀÎ ¾Ç¿ë »ç·Ê¸¦ ´Ù·é ÃÖ±Ù º¸°í¼µµ °ø°³µÇÁö ¾ÊÀº »óÅ´Ù.
ÇÑÆí CISA´Â KEV ¸ñ·Ï¿¡ Æ÷ÇÔµÈ Ãë¾àÁ¡ÀÌ ÀÌÈÄ ·£¼¶¿þ¾î °ø°Ý¿¡ Ȱ¿ëµÇ±â ½ÃÀÛÇÏ´õ¶óµµ º°µµÀÇ °øÁö¸¦ Á¦°øÇÏÁö ¾Ê´Â´Ù. ÀÌ¿¡ µû¶ó ÀÌ·¯ÇÑ ¾÷µ¥ÀÌÆ®°¡ ½ÇÁ¦ º¸¾È ´ã´çÀڵ鿡°Ô ¾ó¸¶³ª ½ÇÁúÀûÀÎ µµ¿òÀÌ µÇ´ÂÁö¿¡ ´ëÇÑ Àǹ®µµ Á¦±âµÇ°í ÀÖ´Ù°í ¹Ì±¹ º¸¾È Àü¹®¸Åü ¡®SecurityWeek¡¯´Â ÀüÇß´Ù.
ÀÌ¿Í °ü·ÃÇØ À§Çù ÀÎÅÚ¸®Àü½º ±â¾÷ ±×·¹À̳ëÀÌÁî(GreyNoise)´Â ¿ÃÇØ ÃÊ KEV ¸ñ·ÏÀÇ º¯°æ »çÇ×À» ÃßÀûÇÒ ¼ö ÀÖ´Â ¹«·á µµ±¸¸¦ °ø°³ÇÑ ¹Ù ÀÖ´Ù.
[°ÃÊÈñ ±âÀÚ(choh@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>




.png)







°ÃÊÈñ±âÀÚ ±â»çº¸±â





































.jpg)


.png)
.png)


.jpg)



.jpg)
