Windows Vista Security Vulnerability Summary
Windows Vista, the next-generation OS that Microsoft has newly produced, is expected to be released to both enterprises and consumers early next year. Although Vista's security features have been strengthened, people in the security industry say that vulnerabilities still exist. So what security vulnerabilities does Windows Vista have?
On August 8 Symantec, in a report on Windows Vista, stated that it had "found vulnerabilities even within the kernel improvements of Windows Vista" and warned that "many of the defenses MS introduced to protect Vista's core from malicious code could be rendered useless." In other words, PatchGuard, the feature that checks the integrity of key parts of the kernel code, could be defeated.
The report also said that the defense mechanism that stops unsigned driver software from running on a Vista PC could be disabled by an attacker who patches the operating system's core files. Because drivers run in the lowest layer of the OS, a malicious one poses a serious risk.
Here we briefly survey the vulnerabilities that have been published in connection with Windows Vista.
At present, Vista vulnerabilities are hard to find, because published advisories do not yet list Vista among the affected operating systems; this is partly because Vista is not yet a release version. To find them one has to comb through MS security updates or the occasional research announcement, and there do not seem to be many.
Current research on Vista centers on Vista's own defense mechanisms rather than on hunting for new vulnerabilities. So the vulnerabilities reported so far cannot be called Vista-specific; they amount to checking whether issues that existed in earlier versions of Windows also apply to Vista.
◈ Published research on Windows Vista vulnerabilities
1. ASLR (Address Space Layout Randomization)
-ASLR has been adopted starting with Beta 2.
-All EXEs and DLLs installed with the OS are randomized.
However, there are only 256 possible randomized positions, and Windows uses only 32 of them, so a brute-force attack is highly feasible: an attacker needs at most a few dozen attempts against a service that restarts after a crash. Existing attack techniques such as buffer overflows (BOF) therefore remain usable.
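The randomization above is per image: on Vista an EXE or DLL is relocated only if its PE optional header carries the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag (0x0040, set by the linker's /DYNAMICBASE option). A third-party binary without it loads at its preferred base and hands the attacker a fixed address regardless of how much entropy the loader has. The following Python is an added example, not code from the article or from Microsoft: it parses the PE headers to report that flag, and builds a constructed minimal header so it can be run offline. Only `audit_file` is meant for real binaries; the header layout and offsets are the documented PE format.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040): set by the linker's /DYNAMICBASE
# option; on Vista only images carrying it are relocated by ASLR.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word from the raw bytes of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_NT_HEADERS = 4-byte signature + 20-byte IMAGE_FILE_HEADER + optional
    # header; DllCharacteristics is at optional-header offset 70 for PE32 and PE32+.
    opt = e_lfanew + 4 + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return struct.unpack_from("<H", data, opt + 70)[0]


def is_aslr_enabled(data: bytes) -> bool:
    """True if the image opts into ASLR (DYNAMICBASE set)."""
    return bool(dll_characteristics(data) & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def audit_file(path: str) -> bool:
    """Check a real EXE/DLL on disk; the headers sit in the first few KB."""
    with open(path, "rb") as f:
        return is_aslr_enabled(f.read(4096))


def make_test_image(dllchar: int, magic: int = PE32_MAGIC) -> bytes:
    """Constructed minimal PE header (not a loadable image) for offline testing."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\x00" * (e_lfanew - len(dos))
    opt_size = 96 if magic == PE32_MAGIC else 112
    machine = 0x14C if magic == PE32_MAGIC else 0x8664  # i386 / x64
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (IMAGE_FILE_EXECUTABLE_IMAGE).
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dllchar)
    return dos + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    for label, image in (("randomized", make_test_image(0x0040)),
                         ("fixed base", make_test_image(0x0000))):
        print("%-11s ASLR=%s" % (label, is_aslr_enabled(image)))
    # On a real system: audit_file(r"C:\Windows\System32\ntdll.dll")
```

Run `audit_file` over a directory of installed binaries to find the ones that opt out; each such image is a stable address the brute-force estimate above does not even need.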
2. Kernel-Mode Security
Vista has the following new kernel-mode security features, which it uses to keep malicious code from accessing the OS kernel.
· Driver signing
· PatchGuard
· Kernel-mode code integrity checks
· Optional support for secure boot-up using a TPM hardware chip
· Restricted user-mode access to \Device\PhysicalMemory
However, the following attacks remain possible.
1) Kernel-Mode Network Drivers
Vista handles network protocols with kernel-mode drivers. If one of those drivers contains a vulnerability, driver signing does nothing to stop an attacker: the code being exploited is already signed and already running in the kernel.
2) Disabling Driver Signing and Code Integrity
Patching NTOSKRNL.EXE and WINLOAD.EXE can disable driver signing and code integrity enforcement. Vista guards against this with WRP (Windows Resource Protection), which sets ACLs on system files so that only TrustedInstaller, and neither Administrators nor LocalSystem, can write to them.
WRP can nevertheless be neutralized in the following steps: first, enable the SeTakeOwnershipPrivilege; second, take ownership of the WRP-protected file or registry key; finally, grant Administrators full control. These steps can be carried out with the AdjustTokenPrivileges and SetNamedSecurityInfo APIs. After that the attacker can patch the binary on disk. Note that SeTakeOwnershipPrivilege is held by Administrators by default, so this bypasses a tamper-resistance layer for an attacker who already has administrative rights; it is not a privilege escalation.
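Each of the three steps above rewrites an object's security descriptor, and that is where a defender can catch it: when file-system object-access auditing is configured for those objects, Windows records such changes as Security event 4670 ("Permissions on an object were changed") with the old and new descriptors in SDDL form. The following Python is an added example, not code from the article or from Microsoft: it parses the SDDL owner and DACL and flags a protected file whose owner leaves TrustedInstaller or whose DACL newly grants write, DAC or owner rights to some principal. The events are constructed and their field names shortened from the real layout; the `C:\Windows\` prefix used to approximate the WRP-protected set is an assumption.

```python
import re

TRUSTED_INSTALLER = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
ADMINISTRATORS = "S-1-5-32-544"
SID_ALIASES = {"BA": ADMINISTRATORS, "SY": "S-1-5-18", "BU": "S-1-5-32-545", "WD": "S-1-1-0"}
# SDDL access-right aliases: file/generic rights plus the two-letter standard rights.
RIGHT_ALIASES = {
    "FA": 0x1F01FF, "FW": 0x120116, "FR": 0x120089, "FX": 0x1200A0,
    "GA": 0x10000000, "GW": 0x40000000, "GR": 0x80000000, "GX": 0x20000000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20, "DT": 0x40,
    "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
}
# Rights that let a principal alter a file or its security descriptor:
# FILE_WRITE_DATA, FILE_APPEND_DATA, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE.
WRITE_MASK = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x10000000 | 0x40000000
PROTECTED_PREFIX = "c:\\windows\\"  # assumption: approximates the WRP-protected set by path


def _sid(token):
    return SID_ALIASES.get(token, token)


def _rights(token):
    """Decode an SDDL rights field: hex mask or concatenated two-letter aliases."""
    if token.lower().startswith("0x"):
        return int(token, 16)
    mask = 0
    for i in range(0, len(token), 2):
        mask |= RIGHT_ALIASES.get(token[i:i + 2], 0)  # unknown aliases are ignored
    return mask


def owner_of(sddl):
    m = re.match(r"O:(.*?)(?=G:|D:|S:|$)", sddl)
    return _sid(m.group(1)) if m else None


def allowed_rights(sddl):
    """Map SID -> union of rights granted by access-allowed ACEs in the DACL."""
    grants = {}
    m = re.search(r"D:(.*?)(?=S:|$)", sddl)
    if not m:
        return grants
    for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = ace.split(";")  # type;flags;rights;object_guid;inherit_guid;sid
        if len(fields) != 6 or fields[0] != "A":
            continue
        sid = _sid(fields[5])
        grants[sid] = grants.get(sid, 0) | _rights(fields[2])
    return grants


def assess_4670(event):
    """Return findings for one 'permissions on an object were changed' event."""
    findings = []
    path = event["ObjectName"]
    if not path.lower().startswith(PROTECTED_PREFIX):
        return findings
    who = event["SubjectUserName"]
    old_owner, new_owner = owner_of(event["OldSD"]), owner_of(event["NewSD"])
    if old_owner == TRUSTED_INSTALLER and new_owner != TRUSTED_INSTALLER:
        findings.append("%s: owner moved from TrustedInstaller to %s by %s" % (path, new_owner, who))
    old_g, new_g = allowed_rights(event["OldSD"]), allowed_rights(event["NewSD"])
    for sid, rights in new_g.items():
        gained = rights & ~old_g.get(sid, 0) & WRITE_MASK
        if gained:
            findings.append("%s: %s gained write rights 0x%x by %s" % (path, sid, gained, who))
    return findings


# Constructed sample events (field names shortened from the real 4670 layout).
SYSTEM_FILE_SD = ("O:%sG:SYD:(A;;FA;;;%s)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)"
                  % (TRUSTED_INSTALLER, TRUSTED_INSTALLER))
OWNED_BY_ADMINS = SYSTEM_FILE_SD.replace("O:" + TRUSTED_INSTALLER, "O:BA")
SAMPLE_EVENTS = [
    {"EventID": 4670, "SubjectUserName": "mallory", "ObjectName": r"C:\Windows\System32\ntoskrnl.exe",
     "OldSD": SYSTEM_FILE_SD, "NewSD": OWNED_BY_ADMINS},                       # step 2: take ownership
    {"EventID": 4670, "SubjectUserName": "mallory", "ObjectName": r"C:\Windows\System32\ntoskrnl.exe",
     "OldSD": OWNED_BY_ADMINS,
     "NewSD": OWNED_BY_ADMINS.replace("(A;;0x1200a9;;;BA)", "(A;;FA;;;BA)")},  # step 3: full control
    {"EventID": 4670, "SubjectUserName": "alice", "ObjectName": r"C:\Users\alice\notes.txt",
     "OldSD": "O:S-1-5-21-1-2-3-1001G:BUD:(A;;FA;;;S-1-5-21-1-2-3-1001)",
     "NewSD": "O:S-1-5-21-1-2-3-1001G:BUD:(A;;FA;;;S-1-5-21-1-2-3-1001)(A;;FA;;;BA)"},  # outside WRP scope
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        for finding in assess_4670(event):
            print("ALERT", finding)
```

The ownership step and the grant step each produce one alert while the profile-folder change produces none; in practice the same two conditions, owner leaving TrustedInstaller and Administrators gaining write rights under the Windows directory, are what distinguish this sequence from routine servicing, which performs its writes as TrustedInstaller without touching the descriptor.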
3) Loading unsigned code into the Vista Beta 2 kernel (x64) without requiring a reboot
This was demonstrated by Joanna Rutkowska at the Black Hat conference.
In the talk she inserted arbitrary code into the Vista Beta 2 x64 kernel, effectively bypassing Vista's policy that only digitally signed code may be loaded into the kernel. The attack does not require a reboot. It reportedly no longer worked on Windows Vista RC2 x64.
◈ Summary of published vulnerabilities
1. MS Security Update for Windows Vista Beta 1 and Windows Vista December CTP (KB912919)
A remote code execution issue was confirmed in the Graphics Rendering Engine (GRE) that could let an attacker take complete control of a Windows-based system remotely.
<Related vulnerabilities>
Graphics Rendering Engine Vulnerability - CVE-2005-4560
2. MS Cumulative Update for Internet Explorer for Windows Vista Beta 2 (KB918899)
Security issues were confirmed that could let an attacker take complete control of a computer running Microsoft Internet Explorer.
<Related vulnerabilities>
Multiple Event Handler Memory Corruption Vulnerability
DHTML Method Call Memory Corruption Vulnerability
COM Object Instantiation Memory Corruption Vulnerability
JPEG Image Rendering Memory Corruption Vulnerability
3. Windows IPv6 LAND attack
On Windows XP SP2, Windows Server 2003 SP1 and Longhorn (Vista) with the Windows Firewall disabled, the IPv6 stack lets an attacker cause a denial of service with a TCP packet that has the SYN flag set and whose source address and port equal the destination's (a LAND packet). It is a variant of CVE-2005-0688 and CVE-1999-0016.
http://www.securityfocus.com/archive/1/400188
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1649
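The following Python is an added example, not code from the article or from any of the linked advisories. It builds an IPv6 TCP SYN segment with identical source and destination address and port (the LAND shape) in memory, computes the TCP checksum over the IPv6 pseudo-header so the bytes are what a stack would accept, and then classifies raw packets so a host filter or IDS test can recognize the pattern. It only constructs bytes and never transmits; the addresses are documentation-range values chosen here, and TCP behind IPv6 extension headers is deliberately not followed.

```python
import socket
import struct

TCP_SYN = 0x02
NEXT_HEADER_TCP = 6


def _ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: ones'-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6_tcp_syn(src_ip, dst_ip, sport, dport, seq=0):
    """Build a bare IPv6 + TCP SYN packet (no extension headers, no payload)."""
    src = socket.inet_pton(socket.AF_INET6, src_ip)
    dst = socket.inet_pton(socket.AF_INET6, dst_ip)
    tcp_len = 20
    # data offset = 5 words, flags = SYN, window 8192, checksum placeholder 0
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | TCP_SYN, 8192, 0, 0)
    # IPv6 pseudo-header: src, dst, upper-layer length, three zero bytes, next header
    pseudo = src + dst + struct.pack("!I", tcp_len) + b"\x00\x00\x00" + bytes([NEXT_HEADER_TCP])
    csum = _ones_complement_sum(pseudo + tcp)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    # IPv6 header: version 6 / class 0 / flow 0, payload length, next header, hop limit
    ip6 = struct.pack("!IHBB", 0x60000000, tcp_len, NEXT_HEADER_TCP, 64) + src + dst
    return ip6 + tcp


def classify(pkt: bytes) -> dict:
    """Parse IPv6+TCP and flag LAND: SYN with source address equal to destination."""
    info = {"ipv6": False, "land": False}
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return info
    payload_len, next_hdr = struct.unpack("!HB", pkt[4:7])
    src = socket.inet_ntop(socket.AF_INET6, pkt[8:24])
    dst = socket.inet_ntop(socket.AF_INET6, pkt[24:40])
    info.update(ipv6=True, src=src, dst=dst, next_header=next_hdr)
    # Limitation: a TCP segment behind IPv6 extension headers is not inspected here.
    if next_hdr != NEXT_HEADER_TCP or len(pkt) < 60:
        return info
    sport, dport = struct.unpack("!HH", pkt[40:44])
    flags = struct.unpack("!H", pkt[52:54])[0] & 0x1FF
    tcp = pkt[40:40 + payload_len]
    pseudo = pkt[8:40] + struct.pack("!I", len(tcp)) + b"\x00\x00\x00" + bytes([NEXT_HEADER_TCP])
    info.update(sport=sport, dport=dport, syn=bool(flags & TCP_SYN),
                checksum_ok=_ones_complement_sum(pseudo + tcp) == 0,
                same_port=sport == dport)
    info["land"] = info["syn"] and src == dst
    return info


if __name__ == "__main__":
    # Constructed sample traffic: one LAND packet, one ordinary SYN to the same port.
    land = build_ipv6_tcp_syn("2001:db8::10", "2001:db8::10", 445, 445)
    normal = build_ipv6_tcp_syn("2001:db8::20", "2001:db8::10", 40000, 445)
    for p in (land, normal):
        print(classify(p))
```

Sending the packet would need a raw socket and administrative rights; the point of the example is that the check is cheap: source equal to destination plus SYN is a single comparison a host firewall or IDS rule can make before the segment reaches the TCP state machine, which is exactly what the disabled Windows Firewall in the affected configuration was not doing.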
4. MS Security Update for Windows Vista Beta 2 and Windows Codename Longhorn Server Beta 2 (KB917422)
Security vulnerabilities were confirmed in the kernel that could let an attacker take control of a Windows-based system.
<Related vulnerabilities>
User Profile Elevation of Privilege Vulnerability - CVE-2006-3443
Unhandled Exception Vulnerability - CVE-2006-3648
[Reporter Gil Min-kwon (reporter21@boannews.com)]
<Copyright: Boannews (www.boannews.com). Unauthorized reproduction or redistribution prohibited>