ViRobot

하우리샵 바로가기

보안공지

[MS 보안업데이트] 2017년 3월 MS 정기 보안업데이트 권고
등록일 : 2017.03.15

1. [MS17-006] Internet Explorer용 누적 보안 업데이트

2. [MS17-007] Edge용 누적 보안 업데이트

3. [MS17-008] Windows Hyper-V용 보안 업데이트

4. [MS17-009] Windows PDF 라이브러리용 보안 업데이트

5. [MS17-010] Windows SMB 서버용 보안 업데이트

6. [MS17-011] Uniscribe용 보안 업데이트

7. [MS17-012] Windows용 보안 업데이트

8. [MS17-013] 그래픽 구성 요소용 보안 업데이트

9. [MS17-014] Office용 보안 업데이트

10. [MS17-015] Exchange Server용 보안 업데이트

11. [MS17-016] IIS용 보안 업데이트

12. [MS17-017] Windows 커널용 보안 업데이트

13. [MS17-018] Windows 커널 모드 드라이버용 보안 업데이트

14. [MS17-019] ADFS용 보안 업데이트

15. [MS17-020] Windows DVD Maker 보안 업데이트

16. [MS17-021] Windows DirectShow용 업데이트

17. [MS17-022] XML Core Service용 업데이트

18. [MS17-023] Adobe Flash Player용 보안 업데이트

 

 

 

 

1. [MS17-006] Internet Explorer용 누적 보안 업데이트

□ 설명

- 사용자가 특수하게 제작된 웹 페이지에 접속할 경우 원격 코드가 실행될 수 있는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Internet Explorer Information Disclosure Vulnerability - CVE-2017-0008, CVE-2017-0059

- Microsoft Browser Information Disclosure Vulnerability - CVE-2017-0009

- Internet Explorer Memory Corruption Vulnerability - CVE-2017-0018, CVE-2017-0149

- Microsoft Browser Memory Corruption Vulnerability- CVE-2017-0037

- Microsoft Browser Spoofing Vulnerability - CVE-2017-0012, CVE-2017-0033

- Scripting Engine Memory Corruption Vulnerability - CVE-2017-0040, CVE-2017-0130

- Scripting Engine Information Disclosure Vulnerability - CVE-2017-0049

- Internet Explorer Elevation of Privilege Vulnerability - CVE-2017-0154

 

 

□ 영향을 받는 소프트웨어

[Internet Explorer 9]

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Internet Explorer 11]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

- Windows RT 8.1

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

- Windows Server 2016 for x64-based Systems

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/ms17-006

 

 

 

 

2. [MS17-007] Edge용 누적 보안 업데이트

□ 설명

- 사용자가 Microsoft Edge를 사용하여 특수하게 제작된 웹 페이지에 접속할 경우, 원격 코드 실행을 허용하는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Scripting Engine Memory Corruption Vulnerability - CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131 ~ 0134, CVE-2017-0136 ~ 0138, CVE-2017-0141, CVE-2017-0150, CVE-2017-0151

- Microsoft Browser Information Disclosure Vulnerability - CVE-2017-0009, CVE-2017-0065

- Microsoft Edge Information Disclosure Vulnerability - CVE-2017-0011, CVE-2017-0017, CVE-2017-0068

- Microsoft Browser Spoofing Vulnerability - CVE-2017-0012, CVE-2017-0033

- Microsoft Edge Spoofing Vulnerability -  CVE-2017-0069

- Microsoft Browser Memory Corruption Vulnerability CVE-2017-0037

- Microsoft PDF Memory Corruption Vulnerability CVE - 2017-0023

- Microsoft Edge Security Feature Bypass Vulnerability - CVE-2017-0066, CVE-2017-0135, CVE-2017-0140

- Microsoft Edge Memory Corruption Vulnerability - CVE-2017-0034

 

 

□ 영향을 받는 소프트웨어

[Microsoft Edge]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-007

 

 

 

 

3. [MS17-008] Windows Hyper-V용 보안 업데이트

□ 설명

- 공격자가 Hyper-V 호스트 운영 체제에서 특수하게 제작된 응용 프로그램을 실행할 경우, 원격 코드 실행을 허용할 수 있는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Microsoft Hyper-V Network Switch Denial of Service Vulnerability - CVE-2017-0051

- Hyper-V Denial of Service Vulnerability - CVE-2017-0074, CVE-2017-0076, CVE-2017-0097 ~ 0099

- Hyper-V vSMB Remote Code Execution Vulnerability - CVE-2017-0021, CVE-2017-0095

- Hyper-V Information Disclosure Vulnerability – CVE-2017-0096

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows 10]

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-008

 

 

 

 

4. [MS17-009] Windows PDF 라이브러리용 보안 업데이트

□ 설명

- 사용자가 특수하게 제작된 PDF 콘텐츠를 열람하는 경우, 원격 코드 실행을 허용할 수 있는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Microsoft PDF Memory Corruption Vulnerability - CVE–2017-0023

 

 

□ 영향을 받는 소프트웨어

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-009

 

 

 

 

5. [MS17-010] Windows SMB 서버용 보안 업데이트

□ 설명

- 공격자가 Windows SMBv1 서버에 특수 제작된 악성 메시지를 보낼 경우, 원격코드 실행을 허용하는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Windows SMB Remote Code Execution Vulnerability - CVE-2017-0143 ~ 0146, CVE-2017-0148

- Windows SMB Information Disclosure Vulnerability – CVE-2017-0147

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-010

 

 

 

 

6. [MS17-011] Uniscribe용 보안 업데이트

□ 설명

- 사용자가 특수하게 제작된 악성 웹 사이트를 방문하거나 특수 제작된 악성 문서를 열람하는 경우, 원격 코드 실행을 허용하는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Windows Uniscribe Remote Code Execution Vulnerability - CVE-2017-0072, CVE-2017-0083 ~ 0090

- Windows Uniscribe Information Disclosure Vulnerability - CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111 ~ 0128

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-011

 

 

 

 

7. [MS17-012] Windows용 보안 업데이트

□ 설명

- 공격자가 특수 제작된 요청을 실행하거나 클라이언트에서 입력한 데이터의 검증이 제대로 이루어지지 않을 경우, 원격코드 실행이 허용되는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Device Guard Security Feature Bypass Vulnerability – CVE-2017-0007

- SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability – CVE-2017-0016

- Windows DLL Loading Remote Code Execution Vulnerability – CVE-2017-0039

- Windows DNS Query Information Disclosure Vulnerability – CVE-2017-0057

- Windows HelpPane Elevation of Privilege Vulnerability - CVE-2017-0100

- iSNS Server Memory Corruption Vulnerability - CVE-2017-0104

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-012

 

 

 

 

8. [MS17-013] 그래픽 구성 요소용 보안 업데이트

□ 설명

- 사용자가 특수하게 제작된 악성 웹 사이트를 방분하거나 특수 제작된 악성 문서를 열람하는 경우, 원격코드 실행을 허용하는 문제점이 존재함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Windows GDI Elevation of Privilege Vulnerability - CVE-2017-0001, CVE-2017-0005, CVE-2017-0025, CVE-2017-0047

- Windows Graphics Component Information Disclosure Vulnerability – CVE-2017-0038

- GDI+ Information Disclosure Vulnerability - CVE-2017-0060, CVE-2017-0062, CVE-2017-0073

- Microsoft Color Management Information Disclosure Vulnerability - CVE-2017-0061, CVE-2017-0063

- Graphics Component Remote Code Execution Vulnerability - CVE-2017-0108, CVE-2017-0014

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Microsoft Office 2007]

- Microsoft Office 2007 Service Pack 3

 

 

[Microsoft Office 2010]

- Microsoft Office 2010 Service Pack 2 (32-bit editions)

- Microsoft Office 2010 Service Pack 2 (64-bit editions)

 

 

[Skype for Business 2016]

- Skype for Business 2016 (32-bit editions)

- Skype for Business 2016 (64-bit editions)

 

 

[Microsoft Lync 2013]

- Microsoft Lync 2013 Service Pack 1 (32-bit)(Skype for Business)

- Microsoft Lync Basic 2013 Service Pack 1 (32-bit)(Skype for Business Basic)

 

 

[Microsoft Lync 2010]

- Microsoft Lync 2010 (32-bit)

- Microsoft Lync 2010 Attendee

 

 

[Microsoft Live Meeting 2007 Console]

- Microsoft Live Meeting 2007 Console

- Microsoft Live Meeting 2007 Add-in

 

 

[Microsoft Developer Tools and Software]

- Microsoft Silverlight 5

- Microsoft Silverlight 5 Developer Runtime

 

 

[Other Office Software]

- Microsoft Word Viewer

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-013

 

 

 

 

9. [MS17-014] Office용 보안 업데이트

□ 설명

- 사용자가 특수하게 제작된 악성 Office 파일을 실행하는 경우, 원격 코드 실행을 허용하는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Microsoft Office Memory Corruption Vulnerability - CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053

- Microsoft Office Information Disclosure Vulnerability – CVE-2017-0027

- Microsoft Office Denial of Service Vulnerability – CVE-2017-0029

- Microsoft Office Information Disclosure Vulnerability – CVE-2017-0105

- Microsoft SharePoint XSS Vulnerability – CVE-2017-0107

- Microsoft Lync for Mac Certificate Validation Vulnerability – CVE-2017-0129

 

 

□ 영향을 받는 소프트웨어

[Microsoft Office 2007]

- Microsoft Excel 2007 Service Pack 3

- Microsoft Office 2007 Service Pack 3

 

 

[Microsoft Office 2010]

- Microsoft Office 2010 Service Pack 2 (32-bit editions)

- Microsoft Office 2010 Service Pack 2 (64-bit editions)

- Microsoft Excel 2010 Service Pack 2 (32-bit editions)

- Microsoft Excel 2010 Service Pack 2 (64-bit editions)

- Microsoft Word 2010 Service Pack 2 (32-bit editions)

- Microsoft Word 2010 Service Pack 2 (64-bit editions)

 

 

[Microsoft Office 2013]

- Microsoft Excel 2013 Service Pack 1 (32-bit editions)

- Microsoft Excel 2013 Service Pack 1 (64-bit editions)

- Microsoft Word 2013 Service Pack 1 (32-bit editions)

- Microsoft Word 2013 Service Pack 1 (64-bit editions)

 

 

[Microsoft Office 2013 RT]

- Microsoft Excel 2013 RT Service Pack 1

- Microsoft Word 2013 RT Service Pack 1

 

 

[Microsoft Office 2016]

- Microsoft Excel 2016 (32-bit edition)

- Microsoft Excel 2016 (64-bit edition)

- Microsoft Word 2016 (32-bit edition)

- Microsoft Word 2016 (64-bit edition)

 

 

[Microsoft Office for Mac 2011]

- Microsoft Excel for Mac 2011

- Microsoft Office for Mac 2011

 

 

[Microsoft Office 2016 for Mac]

- Microsoft Office 2016 for Mac

- Microsoft Excel 2016 for Mac

 

 

[Microsoft SharePoint Server 2007]

- Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit edition)

- Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit edition)

 

 

[Microsoft SharePoint Server 2010]

- Excel Services on Microsoft SharePoint Server 2010 Service Pack 2

- Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2

 

 

[Microsoft SharePoint Server 2013]

- Excel Services on Microsoft SharePoint Server 2013 Service Pack 1

- Microsoft SharePoint Foundation 2013 Service Pack 1

 

 

[Microsoft Office Web Apps 2010]

- Microsoft Office Web Apps 2010 Service Pack 2

 

 

[Microsoft Office Web Apps 2013]

- Microsoft Office Web Apps Server 2013 Service Pack 1

 

 

[Microsoft Lync for Mac]

- Microsoft Lync for Mac 2011

 

 

[Other Office Software]

- Microsoft Office Compatibility Pack Service Pack 3

- Microsoft Excel Viewer

- Microsoft Word Viewer

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-014

 

 

 

 

10. [MS17-015] Exchange Server용 보안 업데이트

□ 설명

- 공격자가 특수 제작된 악성 파일이 첨부된 전자메일을 취약한 Exchange Server에 전송할 경우, 원격코드 실행이 허용되는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- Microsoft Exchange Elevation of Privilege Vulnerability – CVE-2017-0110

 

 

□ 영향을 받는 소프트웨어

[Microsoft Server Software]

- Microsoft Exchange Server 2013 Service Pack 1

- Microsoft Exchange Server 2013 Cumulative Update 14

- Microsoft Exchange Server 2016 Cumulative Update 3

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-015

 

 

 

 

11. [MS17-016] IIS용 보안 업데이트

□ 설명

- 사용자가 영향받는 IIS Server에서 특수 제작된 악성 URL을 클릭하는 경우, 권한 상승이 허용되는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 권한 상승

 

 

□ 관련 취약점

- Microsoft IIS Server XSS Elevation of Privilege Vulnerability – CVE-2017-0055

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for 32-bit Systems Service Pack 2

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-016

 

 

 

 

12. [MS17-017] Windows 커널용 보안 업데이트

□ 설명

- 공격자가 특수 제작된 악성 응용 프로그램을 실행할 경우, 권한 상승이 허용되는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 권한 상승

 

 

□ 관련 취약점

- Windows Kernel Elevation of Privilege Vulnerability – CVE-2017-0050

- Windows Elevation of Privilege Vulnerability – CVE-2017-0101

- Windows Elevation of Privilege Vulnerability – CVE-2017-0102

- Windows Registry Elevation of Privilege Vulnerability – CVE-2017-0103

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista for 32-bit Systems Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-017

 

 

 

 

13. [MS17-018] Windows 커널 모드 드라이버용 보안 업데이트

□ 설명

- 공격자가 대상 시스템에 로그온하여 특수 제작된 응용 프로그램을 실행하는 경우, 권한 상승이 허용되는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 권한 상승

 

 

□ 관련 취약점

- Win32k Elevation of Privilege Vulnerability - CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078 ~ 0082

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista for 32-bit Systems Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-018

 

 

 

 

14. [MS17-019] ADFS용 보안 업데이트

□ 설명

- 공격자가 ADFS(Active Directory Federation Services) 서버에 특수한 요청을 전송하여 파일을 읽을 수 있는 경우, 정보 노출을 허용하는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 정보 노출

 

 

□ 관련 취약점

- Microsoft Active Directory Federation Services Information Disclosure Vulnerability – CVE-2017-0043

 

 

□ 영향을 받는 소프트웨어

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-019

 

 

 

 

15. [MS17-020] Windows DVD Maker 보안 업데이트

□ 설명

- 공격자가 특수하게 제작된 .msdvd파일을 Windows DVD Maker에 실행시킬 경우, 정보 노출이 발생하는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 정보 노출

 

 

□ 관련 취약점

- Windows DVD Maker Cross-Site Request Forgery Vulnerability - CVE-2017-0045

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista for 32-bit Systems Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-020

 

 

 

 

16. [MS17-021] Windows DirectShow용 업데이트

□ 설명

- 사용자가 Windows DirectShow로 웹 사이트에서 호스팅되는 특수하게 제작된 미디어 콘텐츠를 열람할 경우, 정보 노출이 발생하는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 정보 노출

 

 

□ 관련 취약점

- Windows DirectShow Information Disclosure Vulnerability - CVE-2017-0042

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista for 32-bit Systems Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-021

 

 

 

17. [MS17-022] XML Core Service용 업데이트

□ 설명

- 사용자가 XML을 포함한 특수하게 제작된 웹사이트를 방문할 경우, 정보 노출이 발생하는 문제점이 존재함.

 

 

□ 중요도

- 중요 (Important)

 

 

□ 영향

- 정보 노출

 

 

□ 관련 취약점

- Microsoft XML Core Services Information Disclosure Vulnerability – CVE-2017-0022

 

 

□ 영향을 받는 소프트웨어

[Windows Vista]

- Windows Vista for 32-bit Systems Service Pack 2

- Windows Vista x64 Edition Service Pack 2

 

 

[Windows Server 2008]

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

 

[Windows 7]

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems Service Pack 1

 

 

[Windows Server 2008 R2]

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

 

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012 R2 (Server Core installation)

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

- Windows Server 2016 for x64-based Systems (Server Core installation)

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-022

 

 

 

 

18. [MS17-023] Adobe Flash Player용 보안 업데이트

□ 설명

- 지원되는 모든 버전의 Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Windows Server 2016에 설치된 Adobe Flash Player의 문제점을 해결함.

 

 

□ 중요도

- 긴급 (Critical)

 

 

□ 영향

- 원격코드 실행

 

 

□ 관련 취약점

- A buffer overflow vulnerability that could lead to code execution - CVE-2017-2997

- Memory corruption vulnerabilities that could lead to code execution - CVE-2017-2998, CVE-2017-2999

- A random number generator vulnerability used for constant blinding that could lead to information disclosure - CVE-2017-3000

- Use-after-free vulnerabilities that could lead to code execution - CVE-2017-3001 ~ CVE-2017-3003

 

 

□ 영향을 받는 소프트웨어

[Windows 8.1]

- Windows 8.1 for 32-bit Systems

- Windows 8.1 for x64-based Systems

 

 

[Windows Server 2012 and Windows Server 2012 R2]

- Windows Server 2012

- Windows Server 2012 R2

 

 

[Windows RT 8.1]

- Windows RT 8.1

 

 

[Windows 10]

- Windows 10 for 32-bit Systems

- Windows 10 for x64-based Systems

- Windows 10 Version 1511 for 32-bit Systems

- Windows 10 Version 1511 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

 

 

[Windows Server 2016]

- Windows Server 2016 for x64-based Systems

 

 

□ 해결책

- 해당 시스템에 대한 마이크로소프트사의 보안 업데이트를 적용함.

 

 

□ 참조사이트

- https://technet.microsoft.com/ko-kr/library/security/MS17-023

 

 

 

 

목록
- 본 정보에 대한 저작권은 ㈜하우리에게 있으며 이에 무단 사용 및 재배포를 금지합니다.
- 본 정보에 대한 이용문의는 “1:1 상담”을 이용하여 주십시오.
1:1상담