¸¶ÀÌÅ©·Î¼ÒÇÁÆ®´Â 7¿ù 11ÀÏ MS À©µµ¿¡¼ ¹ß»ýÇÏ´Â ¿ø°ÝÄÚµå ½ÇÇà µîÀÌ °¡´ÉÇÑ ±ä±Þ 3°Ç, Áß¿ä 2°Ç º¸Åë 1°Ç ÃÑ 6°ÇÀÇ º¸¾ÈÃë¾àÁ¡¿¡ ´ëÇÑ Á¤±â º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ÀÌ¿¡ ±¹°¡»çÀ̹ö¾ÈÀü¼¾ÅÍ´Â °¢±Þ ±â°üÀÌ ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ½Å¼ÓÇÏ°Ô ¼³Ä¡ÇÒ °ÍÀ» ±Ç°íÇß´Ù.
º¸¾È ¾÷µ¥ÀÌÆ®¿¡ Æ÷ÇÔµÈ Ãë¾àÁ¡ ¹× °ü·Ã »çÀÌÆ®´Â ¾Æ·¡¿Í °°´Ù.
1. MS Excel Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡(±ä±Þ)
MS Excel Á¦Ç°¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛµÈ Excel ¹®¼¸¦ ¿¶÷ÇÒ °æ¿ì ½Ã½ºÅÛ Á¦¾î±ÇÀÌ Å»Ãë´çÇÒ ¼ö ÀÖ´Ù.
-°ü·Ã Ãë¾àÁ¡
Calculation Error Vulnerability(CVE-2007-1756)
Worksheet Memory Corruption Vulnerability(CVE-2007-3029)
Workbook Memory Corruption Vulnerability(CVE-2007-3030)
-°ü·Ã»çÀÌÆ®
http://www.microsoft.com/technet/security/bulletin/MS07-036.mspx
http://www.microsoft.com/korea/technet/security/bulletin/MS07-036.mspx
2. MS Office Publisher 2007 Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡(Áß¿ä)
MS Office Publisher 2007 Á¦Ç°¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀ¸·Î Á¦ÀÛÇÑ À̸ÞÀÏ ¶Ç´Â Publisher À¥ÆäÀÌÁö¸¦ ÅëÇØ ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
Publisher Invalid Memory Reference Vulnerability(CVE-2007-1754)
-°ü·Ã»çÀÌÆ®
www.microsoft.com/technet/security/bulletin/MS07-037.mspx
http://www.microsoft.com/korea/technet/security/bulletin/MS07-037.mspx
3. À©µµ¿ì ºñ½ºÅ¸ ¹æȺ® Ãë¾àÁ¡À¸·Î ÀÎÇÑ Á¤º¸ À¯Ãâ ¹®Á¦Á¡(º¸Åë)
À©µµ¿ì ºñ½ºÅ¸ÀÇ ¹æȺ®¿¡ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â ³×Æ®¿öÅ©¸¦ ÅëÇØ ¿ø°Ý¿¡¼ Ãë¾àÇÑ ½Ã½ºÅÛÀÇ Á¤º¸¸¦ ÀýÃë°¡ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability(CVE-2007-3038)
-°ü·Ã»çÀÌÆ®
http://www.microsoft.com/technet/security/bulletin/MS07-038.mspx
http://www.microsoft.com/korea/technet/security/bulletin/MS07-038.mspx
4. MS À©µµ¿ì Active Directory Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡(±ä±Þ)
MS À©µµ¿ì Active Directory ¼ºñ½º¿¡ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â ¼ºñ½º °ÅºÎ °ø°Ý ¹× ¾Ç¼ºÄÚµå À¯Æ÷¸¦ ÅëÇØ Ãë¾àÇÑ ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
Windows Active Directory Remote Code Execution Vulnerability(CVE-2007-0040)
Windows Active Directory Denial of Service Vulnerability(CVE-2007-3028)
-°ü·Ã»çÀÌÆ®
http://www.microsoft.com/technet/security/bulletin/MS07-039.mspx
http://www.microsoft.com/korea/technet/security/bulletin/MS07-039.mspx
5. .NET Framework Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡(±ä±Þ)
.NET Framework ¹× NET Framework Just-In-Time Compiler µî¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀÚ´Â ¾Ç¼ºÄÚµå À¯Æ÷ µîÀ» ÅëÇØ ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
.NET PE Loader Vulnerability(CVE-2007-0041)
ASP.NET Null Byte Termination Vulnerability(CVE-2007-0042)
.NET JIT Vulnerability(CVE-2007-0043)
-°ü·Ã»çÀÌÆ®
http://www.microsoft.com/technet/security/bulletin/MS07-040.mspx
http://www.microsoft.com/korea/technet/security/bulletin/MS07-040.mspx
6. MS Internet Information Services Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¿ø°ÝÄÚµå½ÇÇà ¹®Á¦Á¡(Áß¿ä)
MS IIS¿¡ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© °ø°ÝÀڴ ƯÁ¤ URL 󸮸¦ ¿äû, ¾Ç¼ºÄÚµå ¼³Ä¡ µî Ãë¾àÇÑ ½Ã½ºÅÛ Àå¾ÇÀÌ °¡´ÉÇÏ´Ù.
-°ü·Ã Ãë¾àÁ¡
IIS Memory Request Vulnerability(CVE-2005-4360)
-°ü·Ã»çÀÌÆ®
http://www.microsoft.com/technet/security/bulletin/MS07-041.mspx
http://www.microsoft.com/korea/technet/security/bulletin/MS07-041.mspx
<Microsoft Update>
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
<´Ù¿î·Îµå ¼¾ÅÍ>
[±æ¹Î±Ç ±âÀÚ(reporter21@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>