English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 26361
À§Çèµµ 40
Æ÷Æ® 139,445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í ÇØ´ç ½Ã½ºÅÛ¿¡´Â Internet Explorer¿¡ ´ëÇÑ 2008³â 6¿ù ´©Àû ÆÐÄ¡(Cumulative Patch)¿ë Hotfix (MS08-031, 950759)°¡ ¼³Ä¡µÇ¾î ÀÖÁö ¾Ê´Ù. ÀÌ ÆÐÄ¡´Â ´©Àû ¾÷µ¥ÀÌÆ®ÀÎ º¸¾È °Ô½Ã¹°(MS08-024, 947864)¿¡¼­ Á¦°øµÈ ¾÷µ¥ÀÌÆ®¸¦ ´ëüÇÏ°í »õ·Î ¹ß°ßµÈ ´ÙÀ½ÀÇ °ø°³ Ãë¾àÁ¡¿¡ ´ëÇÑ ÇØ°áÃ¥À» Æ÷ÇÔÇÏ°í ÀÖ´Ù:

- HTML Objects ¸Þ¸ð¸® Á¶ÀÛ Ãë¾àÁ¡ (CVE-2008-1442): Á¤º¸ ³ëÃâ
- Request Header Cross-Domain Á¤º¸ ³ëÃâ Ãë¾àÁ¡ (CVE-2008-1544): ¿ø°Ý ÄÚµå ½ÇÇà

»ç¿ëÀÚ°¡ °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ·Î±×¿ÂÇÑ °æ¿ì, °ø°ÝÀÚ°¡ ÀÌ Ãë¾àÁ¡ÀÇ °¡Àå ½É°¢ÇÑ ºÎºÐÀ» ¼º°øÀûÀ¸·Î ¾Ç¿ëÇÑ´Ù¸é ÇÁ·Î±×·¥ ¼³Ä¡, µ¥ÀÌÅÍ º¸±â, º¯°æ ¶Ç´Â »èÁ¦, ¸ðµç ±ÇÇÑÀ» °¡Áø »õ °èÁ¤ ¸¸µé±â µîÀÇ ÀÛ¾÷À» Æ÷ÇÔÇÏ¿© ÇØ´ç ½Ã½ºÅÛÀ» ¿ÏÀüÈ÷ Á¦¾îÇÒ ¼ö ÀÖ´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ ¿ø°ÝÁö È£½ºÆ®ÀÇ ·¹Áö½ºÆ®¸®¸¦ ¾×¼¼½ºÇÒ ¼ö ÀÖ´Â Guest ȤÀº ±× ÀÌ»óÀÇ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 7
Microsoft Windows 2000 SP4
Microsoft Windows XP SP3
Microsoft Windows Server 2003 SP2
Microsoft Windows Vista
Microsoft Windows Server 2008
ÇØ°áÃ¥ ´ÙÀ½ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® º¸¾È °Ô½Ã¹° MS08-031À» ÂüÁ¶ÇÏ¿© ½Ã½ºÅÛ¿¡ ´ëÇÑ ÀûÀýÇÑ ÆÐÄ¡(950759)¸¦ Àû¿ëÇÑ´Ù:
http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx

-- ¶Ç´Â --

Windows Ç÷§ÆûµéÀ» À§ÇÑ ÆÐÄ¡µéÀº ¶ÇÇÑ Microsoft Windows Update À¥ »çÀÌÆ®ÀÎ http://windowsupdate.microsoft.com ¿¡¼­µµ ±¸ÇÒ ¼ö ÀÖ´Ù. Windows Update´Â »ç¿ë ÁßÀÎ WindowsÀÇ ¹öÀüÀ» ÀÚµ¿À¸·Î ã¾Æ³»°í ÀûÀýÇÑ ÆÐÄ¡¸¦ Á¦°øÇØ ÁØ´Ù.
°ü·Ã URL CVE-2008-1442,CVE-2008-1544 (CVE)
°ü·Ã URL 29556 (SecurityFocus)
°ü·Ã URL 41411,42692,42693 (ISS)