¿ø°ÝÄÚµå ½ÇÇà °¡´É¼º ÁÖÀÇ...Áö±Ý ¹Ù·Î ÆÐÄ¡Çϼ¼¿ä!
¸¶ÀÌÅ©·Î¼ÒÇÁÆ®´Â 6¿ù 13ÀÏ MS À©µµ¿¡¼ ¹ß»ýÇÏ´Â ¿ø°ÝÄÚµå ½ÇÇà µîÀÌ °¡´ÉÇÑ ±ä±Þ 4°Ç, Áß¿ä 1°Ç, º¸Åë 1°Ç µî ÃÑ 6°ÇÀÇ º¸¾ÈÃë¾àÁ¡¿¡ ´ëÇÑ Á¤±â º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù.
ÀÌ¿¡ ±¹°¡»çÀ̹ö¾ÈÀü¼¾ÅÍ´Â ¡°°¢±Þ±â°üÀº ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ Á¶¼ÓÈ÷ ¼³Ä¡ÇϽñ⠱ǰíÇÑ´Ù¡±°í ¸»Çß´Ù.
»ó¼¼ÇÑ º¸¾È¾÷µ¥ÀÌÆ® Á¤º¸´Â ´ÙÀ½°ú °°´Ù.
1. MS Visio Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (Áß¿ä,927051)
MS Visio Á¦Ç°¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ Visio ¹®¼ ¿¶÷½Ã ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
Version Number Memory Corruption Vulnerability(CVE-2007-0934)
Visio Document Packaging Vulnerability(CVE-2007-0936)
-°ü·Ã»çÀÌÆ®
www.microsoft.com/technet/security/bulletin/MS07-030.mspx
2. À©µµ¿ì Schannel º¸¾È ÆÐÅ°Áö Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡(±ä±Þ,935840)
Schannel º¸¾È ÆÐÅ°Áö¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ È¨ÆäÀÌÁö¸¦ ¹æ¹®Çϰųª À̸ÞÀÏÀ» ¿¶÷ÇÒ °æ¿ì ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù. SchannelÀ̶õ À©µµ¿ì¿¡¼ »ç¿ëµÇ´Â º¸¾È ÇÁ·ÎÅäÄݷμ ¸Þ½ÃÁö ¹«°á¼º ¹× ±â¹Ð¼ºÀ» À§ÇØ ÀÎÅÍ³Ý ºê¶ó¿ìÀú¿Í ¼¹ö¿¡ »ç¿ëÇÏ´Â °ÍÀ» ¸»ÇÑ´Ù.
-°ü·Ã Ãë¾àÁ¡
Vulnerability in the Windows Schannel Security Package(CVE-2007-2218)
-°ü·Ã»çÀÌÆ®
www.microsoft.com/technet/security/bulletin/MS07-031.mspx
3. À©µµ¿ì ºñ½ºÅ¸ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (º¸Åë,931213)
À©µµ¿ì ºñ½ºÅ¸¿¡ Á¤º¸³ëÃâÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ °ø°Ý¿¡ ¼º°øÇÒ °æ¿ì ÇØ´ç ½Ã½ºÅÛÀÇ Á¢±ÙÅëÁ¦¸®½ºÆ®(ACLs) Á¤º¸¸¦ ÀýÃë°¡ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
Permissive User Information Store ACLs Information Disclosure Vulnerability(CVE-2007-2229)
-°ü·Ã»çÀÌÆ®
www.microsoft.com/technet/security/bulletin/MS07-032.mspx
4. ÀÎÅÍ³Ý ÀͽºÇ÷η¯ ´©Àû º¸¾È¾÷µ¥ÀÌÆ® (±ä±Þ,933566)
ÀÎÅÍ³Ý ÀͽºÇ÷η¯¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ È¨ÆäÀÌÁö¸¦ ¹æ¹®ÇÒ °æ¿ì ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
COM Object Instantiation Memory Corruption Vulnerability(CVE-2007-0218)
CSS Tag Memory Corruption Vulnerability(CVE-2007-1750)
Language Pack Installation Vulnerability(CVE-2007-3027)
Uninitialized Memory Corruption Vulnerability(CVE-2007-1751)
Navigation Cancel Page Spoofing Vulnerability(CVE-2007-1752)
Speech Control Memory Corruption Vulnerability(CVE-2007-2222)
-°ü·Ã»çÀÌÆ®
www.microsoft.com/technet/security/bulletin/MS07-033.mspx
5. ¾Æ¿ô·è ÀͽºÇÁ·¹½º ¹× À©µµ¿ì ¸ÞÀÏ ´©Àû º¸¾È¾÷µ¥ÀÌÆ® (±ä±Þ,929123)
¾Æ¿ô·è ÀͽºÇÁ·¹½º ¹× À©µµ¿ì ¸ÞÀÏ¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ À̸ÞÀÏÀ» ¿¶÷ÇÒ °æ¿ì ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
URL Redirect Cross Domain Information Disclosure Vulnerability(CVE-2006-2111)
Windows Mail UNC Navigation Request Remote Code Execution Vulnerability(CVE-2007-1658)
URL Parsing Cross Domain Information Disclosure Vulnerability(CVE-2007-2225)
Content Disposition Parsing Cross Domain Information Disclosure Vulnerability(CVE-2007-2227)
-°ü·Ã»çÀÌÆ®
www.microsoft.com/technet/security/bulletin/MS07-034.mspx
6. Win32 API Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡ (±ä±Þ,935839)
Win32 API¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ¿¡ ÀÇÇØ ¾ÇÀÇÀûÀ¸·Î Á¶ÀÛµÈ ÀÎÀÚ°ªÀÌ ÀÔ·ÂµÉ °æ¿ì ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
Win32 API Vulnerability(CVE-2007-2219)
-°ü·Ã»çÀÌÆ®
www.microsoft.com/technet/security/bulletin/MS07-035.mspx
¡á Âü°íÁ¤º¸
Microsoft Update
update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
´Ù¿î·Îµå ¼¾ÅÍ
[±æ¹Î±Ç ±âÀÚ(reporter21@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>