¿¢¼¿, ¿öµå µî MS ¿ÀÇǽº °ü·Ã ÃÖ¾àÁ¡ 7°Ç ¹ßÇ¥
Áö±Ý Áï½Ã ¾÷µ¥ÀÌÆ®ÇØ¾ß ÇÇÇØ Â÷´ÜÇÒ ¼ö ÀÖ´Ù
¸¶ÀÌÅ©·Î¼ÒÇÁÆ®(ÀÌÇÏ MS)´Â 9ÀÏ MS À©µµ¿¡¼ ¹ß»ýÇÏ´Â ¿ø°ÝÄÚµå ½ÇÇà µîÀÌ °¡´ÉÇÑ 7°ÇÀÇ ±ä±Þ º¸¾ÈÃë¾àÁ¡¿¡ ´ëÇÑ Á¤±â º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ÀÌ¿ëÀÚµéÀº ½Å¼ÓÈ÷ ÆÐÄ¡¸¦ ÇØ¾ß ÇÑ´Ù.
±¹°¡»çÀ̹ö¾ÈÀü¼¾ÅÍ °ü°èÀÚ´Â ¡°°¢±Þ±â°üÀº ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ Á¶¼ÓÈ÷ ¼³Ä¡ÇØ ÇÇÇØ°¡ ¾øµµ·Ï ÇØ¾ß ÇÑ´Ù¡±°í °Á¶Çß´Ù.
¾Æ·¡´Â À̹ø¿¡ ¹ßÇ¥µÈ Ãë¾àÁ¡¿¡ ´ëÇÑ °£·«ÇÑ ¼³¸íÀÌ´Ù.
1. MS Excel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (±ä±Þ, 934233)
MS Excel Á¦Ç°¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ Excel ¹®¼ ¿¶÷½Ã ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
<°ü·Ã Ãë¾àÁ¡>
- Excel BIFF Record Vulnerability(CVE-2007-0215)
- Excel Set Font Vulnerability(CVE-2007-1203)
- Excel Filter Record Vulnerability(CVE-2007-1214)
<°ü·Ã»çÀÌÆ®>
www.microsoft.com/technet/security/bulletin/MS07-023.mspx
2. MS Word Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (±ä±Þ, 934232)
MS Word Á¦Ç°¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ Word ¹®¼ ¿¶÷½Ã ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
<°ü·Ã Ãë¾àÁ¡>
- Word Array Overflow Vulnerability(CVE-2007-0035)
- Word Document Stream Vulnerability(CVE-2007-0870)
- Word RTF Parsing Vulnerability(CVE-2007-1202)
<°ü·Ã»çÀÌÆ®>
www.microsoft.com/technet/security/bulletin/MS07-024.mspx
3. MS Office Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (±ä±Þ, 934873)
MS Word Á¦Ç°¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ Office ÆÄÀÏÀ» ¿¶÷ÇÒ °æ¿ì ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
<°ü·Ã Ãë¾àÁ¡>
- Drawing Object Vulnerability(CVE-2007-1747)
<°ü·Ã»çÀÌÆ®>
www.microsoft.com/technet/security/bulletin/MS07-025.mspx
4. MS Exchange Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (±ä±Þ, 931832)
MS Word Á¦Ç°¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ¿¡ ÀÇÇØ ¾ÇÀÇÀûÀ¸·Î Á¶ÀÛµÈ À̸ÞÀÏÀ» ¿¶÷ÇÒ °æ¿ì ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
<°ü·Ã Ãë¾àÁ¡>
- Outlook Web Access Script Injection Vulnerability(CVE-2007-0220)
- Malformed iCal Vulnerability(CVE-2007-0039)
- MIME Decoding Vulnerability(CVE-2007-0213)
- IMAP Literal Processing Vulnerability(CVE-2007-0221)
<°ü·Ã»çÀÌÆ®>
www.microsoft.com/technet/security/bulletin/MS07-026.mspx
5. Internet Explorer ´©Àû º¸¾È¾÷µ¥ÀÌÆ® (±ä±Þ, 931768)
ÀÎÅÍ³Ý ÀͽºÇ÷η¯¿¡¼ COM °´Ã¼ µîÀ» 󸮽à ¿ø°ÝÄڵ尡 ½ÇÇà°¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚÀÇ ¾ÇÀÇÀûÀΠȨÆäÀÌÁö ¹æ¹®½Ã ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
<°ü·Ã Ãë¾àÁ¡>
- COM Object Instantiation Memory Corruption Vulnerability(CVE-2007-0942)
- Uninitialized Memory Corruption Vulnerability(CVE-2007-0944)
- Property Memory Corruption Vulnerability(CVE-2007-0945)
- HTML Objects Memory Corruption Vulnerability(CVE-2007-0946, CVE-2007-0947)
- Arbitrary File Rewrite Vulnerability(CVE-2007-2221)
<°ü·Ã»çÀÌÆ®>
www.microsoft.com/technet/security/bulletin/MS07-027.mspx
6. CAPICOM Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (±ä±Þ, 931906)
MS À©µµ CAPICOM ³»ºÎ¿¡ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ¿¡ ÀÇÇØ Ãë¾àÁ¡ °ø°ÝÀÌ ¼º°øÇÒ °æ¿ì, ¿µÇâ¹Þ´Â ½Ã½ºÅÛÀ» ¿ÏÀüÈ÷ Àå¾ÇÇÒ °¡´É¼ºÀÌ ÀÖ´Ù.
Cryptographic API Component Object Model(CAPICOM)¶õ MS Visual C++°ú °°Àº ¼·Î ´Ù¸¥ ´Ù¾çÇÑ ÇÁ·Î±×·¡¹Ö ¾ð¾î¸¦ »ç¿ëÇØ Á¦ÀÛµÈ ÀÀ¿ë ÇÁ·Î±×·¥¿¡¼ ±âº»ÀûÀÎ ¾ÏÈ£È ÀÛ¾÷À» ¼öÇàÇϱâ À§ÇØ »ç¿ëÇÏ´Â °ÍÀÌ´Ù.
<°ü·Ã Ãë¾àÁ¡>
- CAPICOM.Certificates Vulnerability(CVE-2007-0940)
<°ü·Ã»çÀÌÆ®>
www.microsoft.com/technet/security/bulletin/MS07-028.mspx
7. DNS RPC Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (±ä±Þ, 935966)
MS À©µµÀÇ DNS ¼ºñ½º¸¦ À§ÇØ »ç¿ëµÇ´Â RPC ÀÎÅÍÆäÀ̽º¿¡ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ¿¡ ÀÇÇØ Ãë¾àÁ¡ °ø°ÝÀÌ ¼º°øÇÒ °æ¿ì, ¿µÇâ¹Þ´Â ½Ã½ºÅÛÀ» ¿ÏÀüÈ÷ Àå¾ÇÇÒ °¡´É¼ºÀÌ ÀÖ´Ù.
RPC(Remote Procedure Call)¶õ ¿ø°ÝÀÇ ÄÄÇ»ÅÍ¿¡¼ ½ÇÇàÁßÀÎ ÇÁ·Î±×·¥ÀÇ ¼ºñ½º¸¦ È£ÃâÇÒ ¶§ »ç¿ëµÇ´Â ÇÁ·ÎÅäÄÝÀÌ´Ù.
<°ü·Ã Ãë¾àÁ¡>
- DNS RPC Management Vulnerability(CVE-2007-1748)
<°ü·Ã»çÀÌÆ®>
www.microsoft.com/technet/security/bulletin/MS07-029.mspx
ÃÖ±Ù ÃÖ¾àÁ¡ ¹ßÇ¥¿Í µ¿½Ã¿¡ °ø°ÝÀÌ ½ÇÇàµÇ´Â Á¦·Îµ¥ÀÌ °ø°ÝÀÌ ¼ºÇàÇÏ°í Àֱ⠶§¹®¿¡ Áö±Ý Áï½Ã ¾Æ·¡ ȨÆäÀÌÁö·Î µé¾î°¡ ¾÷µ¥ÀÌÆ®µÈ º¸¾ÈÆÐÄ¡¸¦ ½ÇÇàÇØ¾ß ÇÇÇظ¦ ¸·À» ¼ö ÀÖ´Ù.
<Microsoft Update>
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
<´Ù¿î·Îµå ¼¾ÅÍ>
[±æ¹Î±Ç ±âÀÚ(reporter21@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>