English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 26861
À§Çèµµ 40
Æ÷Æ® 139.445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í ÇØ´ç ½Ã½ºÅÛ¿¡´Â 2021³â 11¿ù Microsoft º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¼³Ä¡µÇ¾î ÀÖÁö ¾Ê½À´Ï´Ù. µû¶ó¼­ ´ÙÁß Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-36957, CVE-2021-41366, CVE-2021-41367, CVE-2021-41370, CVE-2021-41377, CVE-2021-41379, CVE-2021-42277, CVE-2021-42280, CVE-2021-42283, CVE-2021-42285, CVE-2021-42286)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26443, CVE-2021-38666, CVE-2021-41378, CVE-2021-42275, CVE-2021-42276, CVE-2021-42279)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38631, CVE-2021-38665, CVE-2021-41371)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2021-42288)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-41356, CVE-2021-42274, CVE-2021-42284)

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ ¿ø°ÝÁö È£½ºÆ®¿¡ ·Î±×ÀÎÇÒ ¼ö ÀÖ´Â Guest ȤÀº ±× ÀÌ»óÀÇ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
https://support.microsoft.com/en-us/help/4009469
https://support.microsoft.com/en-us/help/4009470
https://support.microsoft.com/en-us/help/4009471
https://support.microsoft.com/en-us/help/4000825

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Windows Server 2008 R2 SP1
Windows Server 2008 R2 x64 SP1
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows 10
Windows Server 2016
ÇØ°áÃ¥ ´ÙÀ½ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® º¸¾È °Ô½Ã¹° 2021³â 11¿ù Microsoft º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ÂüÁ¶ÇÏ¿© ½Ã½ºÅÛ¿¡ ´ëÇÑ ÀûÀýÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÑ´Ù.

https://support.microsoft.com/en-us/help/4009469
https://support.microsoft.com/en-us/help/4009470
https://support.microsoft.com/en-us/help/4009471
https://support.microsoft.com/en-us/help/4000825
-- ¶Ç´Â --
Windows Ç÷§ÆûµéÀ» À§ÇÑ ÆÐÄ¡µéÀº ¶ÇÇÑ Microsoft Windows Update À¥ »çÀÌÆ®ÀÎ http://windowsupdate.microsoft.com ¿¡¼­µµ ±¸ÇÒ ¼ö ÀÖ´Ù. Windows Update´Â »ç¿ë ÁßÀÎ WindowsÀÇ ¹öÀüÀ» ÀÚµ¿À¸·Î ã¾Æ³»°í ÀûÀýÇÑ ÆÐÄ¡¸¦ Á¦°øÇØ ÁØ´Ù.
°ü·Ã URL CVE-2021-26443,CVE-2021-36957,CVE-2021-38631,CVE-2021-38665,CVE-2021-38666,CVE-2021-41351,CVE-2021-41356,CVE-2021-41366,CVE-2021-41367 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)