중요 등급으로 분류된 이번 업데이트에서는 ASP.NET 패딩 오라클(Padding Oracle) 취약점으로 알려진 CVE-2010-3332 취약점을 이용하여 Microsoft Internet Information Services(IIS)의 ASP.NET에서 사용되는 Microsoft .NET Framework가 공격자에 의하여 암호화된 View State Form 데이터를 읽기 및 변조가 가능한 정보 유출 문제가 발견되었습니다.
그러므로 Microsoft .NET Framework가 설치된 Windows 환경에서는 보안 패치를 확인하시고 설치하시기 바랍니다.
[영향을 받지 않는 소프트웨어]
Windows XP Service Pack 3
- Microsoft .NET Framework 1.0 Service Pack 3(Windows XP Media Center Edition 2005 및 Windows XP Tablet PC Edition 2005만 해당)
다음의 목록은 해당 취약점의 영향을 받는 소프트웨어입니다.
1. Windows XP
● Windows XP Service Pack 3
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
- Microsoft .NET Framework 3.5 (KB2416468)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows XP Professional x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
- Microsoft .NET Framework 3.5 (KB2416468)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
2. Windows Server 2003
● Windows Server 2003 Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416451)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
- Microsoft .NET Framework 3.5 (KB2416468)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows Server 2003 x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
- Microsoft .NET Framework 3.5 (KB2416468)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows Server 2003 SP2(Itanium 기반 시스템용)
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241)
- Microsoft .NET Framework 3.5 (KB2416468)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
3. Windows Vista
● Windows Vista Service Pack 1
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
- Microsoft .NET Framework 2.0 Service Pack 1 및 Microsoft .NET Framework 3.5 (KB2416469)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
● Windows Vista Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
- Microsoft .NET Framework 3.5 (KB2418240)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows Vista x64 Edition Service Pack 1
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
- Microsoft .NET Framework 2.0 Service Pack 1 및 Microsoft .NET Framework 3.5 (KB2416469)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
● Windows Vista x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
- Microsoft .NET Framework 3.5 (KB2418240)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
4. Windows Server 2008
● Windows Server 2008(32비트 시스템용)
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
- Microsoft .NET Framework 2.0 Service Pack 1 및 Microsoft .NET Framework 3.5 (KB2416469)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
● Windows Server 2008(32비트 시스템용) Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
- Microsoft .NET Framework 3.5 (KB2418240)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows Server 2008(x64 기반 시스템용)
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
- Microsoft .NET Framework 2.0 Service Pack 1 및 Microsoft .NET Framework 3.5 (KB2416469)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
● Windows Server 2008(x64 기반 시스템용) Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
- Microsoft .NET Framework 3.5 (KB2418240)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows Server 2008(Itanium 기반 시스템용)
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
- Microsoft .NET Framework 2.0 Service Pack 1 및 Microsoft .NET Framework 3.5 (KB2416469)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416474)
● Windows Server 2008(Itanium 기반 시스템용) Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 (KB2416447)
- Microsoft .NET Framework 2.0 Service Pack 2 (KB2416470)
- Microsoft .NET Framework 3.5 (KB2418240)
- Microsoft .NET Framework 3.5 Service Pack 1 (KB2416473)
- Microsoft .NET Framework 4.0 (KB2416472)
5. Windows 7
● Windows 7(32비트 시스템용)
- Microsoft .NET Framework 3.5.1 (KB2416471)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows 7(x64 기반 시스템용)
- Microsoft .NET Framework 3.5.1 (KB2416471)
- Microsoft .NET Framework 4.0 (KB2416472)
6. Windows Server 2008 R2
● Windows Server 2008 R2(x64 기반 시스템용)
- Microsoft .NET Framework 3.5.1 (KB2416471)
- Microsoft .NET Framework 4.0 (KB2416472)
● Windows Server 2008 R2(Itanium 기반 시스템용)
- Microsoft .NET Framework 3.5.1 (KB2416471)
- Microsoft .NET Framework 4.0 (KB2416472)
사용자들은 Windows에서 제공하는 자동 업데이트 기능을 이용하여 사용자 시스템에 적용되는 보안 패치를 반드시 설치하시고 이용하시기 바랍니다.
[관련글 보기]
2008/01/29 - [벌새::Security] - 윈도우 정기 보안 업데이트