□ Overview
 o A remote code execution vulnerability arises because the Windows Help and Support Center (helpctr.exe) improperly validates URLs that use the HCP protocol [1, 2, 4]
   ※ Help and Support Center: an application that provides help for the various features of Windows
   ※ HCP protocol: an HTTP-like protocol for executing URL links in the "Help and Support Center" (it uses the prefix "hcp://" instead of "http://")
 o An attacker can set up a malicious website made up of specially crafted content and then distribute malware by luring users to visit the site through links in spam mail or instant messages [1]
 o Proof-of-concept code that attacks the vulnerability has been published [5], so users need to take particular care
□ Affected Systems
 o Affected software [1]
   - Windows XP SP2, SP3
   - Windows XP Professional x64 Edition SP2
   - Windows Server 2003 SP2
   - Windows Server 2003 x64 Edition SP2
   - Windows Server 2003 with SP2 for Itanium-based Systems
 o Software not affected [1]
   - Microsoft Windows 2000 SP4
   - Windows Vista SP1, SP2
   - Windows Vista x64 Edition SP1, SP2
   - Windows Server 2008 for 32-bit Systems, SP2
   - Windows Server 2008 for x64-based Systems, SP2
   - Windows Server 2008 for Itanium-based Systems, SP2
   - Windows 7 for 32-bit Systems
   - Windows 7 for x64-based Systems
   - Windows Server 2008 R2 for x64-based Systems
   - Windows Server 2008 R2 for Itanium-based Systems
□ Recommended Actions
 o No security update for this vulnerability has been released at this time
 o As a temporary workaround, unregister the HCP protocol
   - In the "Fix it for me" section of the Microsoft Knowledge Base article [7], click the link above "Microsoft Fix it 50459", download the file, and install it
     ※ Once the HCP protocol is unregistered, all help links that use hcp:// stop working; to restore the original state, apply "Microsoft Fix it 50460"
   - The temporary mitigation proposed by the discloser of the vulnerability [5] can be easily bypassed, so Microsoft does not recommend it [3]
 o Check KrCERT/CC and the Microsoft security update site [6] regularly and, when a security update for this vulnerability is released, promptly apply the latest update, or configure automatic updates
   ※ How to configure automatic updates: Start → Control Panel → Security Center → Automatic Updates → select Automatic (recommended)
 o To reduce damage from the vulnerability, users should observe the following
   - Disable features such as file sharing if they are not used, and always use a personal firewall
   - Keep the antivirus program in use up to date and enable its real-time monitoring
   - Refrain from visiting untrusted websites
   - Refrain from clicking links or opening attachments in e-mails of unclear origin
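An added example, not part of the original advisory: until the HCP protocol is unregistered on every host, a mail or web gateway can flag content that references hcp:// URLs. The function names and the sample markup below are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes whose value a browser treats as a URL to follow or load.
URL_ATTRS = {"href", "src", "action", "data", "background"}
LEADING = "".join(map(chr, range(0x21)))      # C0 controls and space
INNER = str.maketrans("", "", "\t\r\n")       # dropped by URL parsers
HCP_TEXT = re.compile(r"hcp://", re.IGNORECASE)

def is_hcp(value):
    """True if an attribute value, normalised as a browser would, uses hcp:."""
    cleaned = value.translate(INNER).lstrip(LEADING)
    return cleaned[:4].lower() == "hcp:"

class HcpFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references (&#104; -> h).
        for name, value in attrs:
            if value and name in URL_ATTRS and is_hcp(value):
                self.hits.append((tag, name))

    def handle_data(self, data):
        # Script bodies and visible text that mention an hcp:// URL.
        if HCP_TEXT.search(data):
            self.hits.append(("#text", None))

def find_hcp_references(document):
    """Return (tag, attribute) pairs for every hcp:// reference found."""
    finder = HcpFinder()
    finder.feed(document)
    finder.close()
    return finder.hits

# Constructed sample; the host part is a placeholder, not a real help topic.
SAMPLE = """<html><body>
<a href="http://example.com/help">ordinary link</a>
<a href="HCP://constructed-placeholder/">mixed case</a>
<iframe src="&#104;cp://constructed-placeholder/"></iframe>
<a href="h&#9;cp://constructed-placeholder/">tab inside the scheme</a>
<script>var u = "hcp://constructed-placeholder/";</script>
<p>This paragraph only mentions the hcp protocol by name.</p>
</body></html>"""

if __name__ == "__main__":
    for tag, attr in find_hcp_references(SAMPLE):
        print(f"hcp reference in <{tag}> {attr or 'text'}")
```

Matching on the decoded and normalised attribute value, rather than on the raw bytes, is what lets the entity-encoded and mixed-case forms in the sample be caught.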
[References]
[1] http://www.microsoft.com/technet/security/advisory/2219475.mspx
[2] http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
[3] http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx
[4] http://www.theregister.co.uk/2010/06/10/windows_help_bug/
[5] http://seclists.org/fulldisclosure/2010/Jun/205
[6] http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ko
[7] http://support.microsoft.com/kb/2219475