반응형
마이크로소프트(Microsoft) IIS(Internet Information Services) 5.0 / 5.1 / 6.0 버전에서의 FTP 서비스와 관련된 제로데이(0-Day) 취약점이 공개가 되었습니다.
해당 보안 취약점은 FTP 서비스를 운영하고 인터넷에 연결된 해당 취약점을 가진 시스템에 공격자가 원격코드를 실행할 수 있다고 알려져 있습니다.
[영향을 받는 소프트웨어]
Microsoft Windows 2000 Service Pack 4 : Microsoft Internet Information Services 5.0
Windows XP Service Pack 2 / Windows XP Service Pack 3 : Microsoft Internet Information Services 5.1
Windows XP Professional x64 Edition Service Pack 2 : Microsoft Internet Information Services 6.0
Windows Server 2003 Service Pack 2 : Microsoft Internet Information Services 6.0
Windows Server 2003 x64 Edition Service Pack 2 : Microsoft Internet Information Services 6.0
Windows Server 2003 with SP2 for Itanium-based Systems : Microsoft Internet Information Services 6.0
Microsoft Windows 2000 Service Pack 4 : Microsoft Internet Information Services 5.0
Windows XP Service Pack 2 / Windows XP Service Pack 3 : Microsoft Internet Information Services 5.1
Windows XP Professional x64 Edition Service Pack 2 : Microsoft Internet Information Services 6.0
Windows Server 2003 Service Pack 2 : Microsoft Internet Information Services 6.0
Windows Server 2003 x64 Edition Service Pack 2 : Microsoft Internet Information Services 6.0
Windows Server 2003 with SP2 for Itanium-based Systems : Microsoft Internet Information Services 6.0
[영향을 받지 않는 소프트웨어]
Windows Vista, Windows Vista Service Pack 1 / Windows Vista Service Pack 2 : Microsoft Internet Information Services 7.0
Windows Server 2008 for 32-bit Systems / Windows Server 2008 for 32-bit Systems Service Pack 2 : Microsoft Internet Information Services 7.0
Windows Server 2008 for x64-based Systems / Windows Server 2008 for x64-based Systems Service Pack 2 : Microsoft Internet Information Services 7.0
Windows Server 2008 for Itanium-based Systems / Windows Server 2008 for Itanium-based Systems Service Pack 2 : Microsoft Internet Information Services 7.0
Windows 7 for 32-bit Systems : Microsoft Internet Information Services 7.5
Windows 7 for x64-based Systems : Microsoft Internet Information Services 7.5
Windows Server 2008 R2 for x64-based Systems : Microsoft Internet Information Services 7.5
Windows Server 2008 R2 for Itanium-based Systems : Microsoft Internet Information Services 7.5
Windows Vista, Windows Vista Service Pack 1 / Windows Vista Service Pack 2 : Microsoft Internet Information Services 7.0
Windows Server 2008 for 32-bit Systems / Windows Server 2008 for 32-bit Systems Service Pack 2 : Microsoft Internet Information Services 7.0
Windows Server 2008 for x64-based Systems / Windows Server 2008 for x64-based Systems Service Pack 2 : Microsoft Internet Information Services 7.0
Windows Server 2008 for Itanium-based Systems / Windows Server 2008 for Itanium-based Systems Service Pack 2 : Microsoft Internet Information Services 7.0
Windows 7 for 32-bit Systems : Microsoft Internet Information Services 7.5
Windows 7 for x64-based Systems : Microsoft Internet Information Services 7.5
Windows Server 2008 R2 for x64-based Systems : Microsoft Internet Information Services 7.5
Windows Server 2008 R2 for Itanium-based Systems : Microsoft Internet Information Services 7.5
현재 해당 보안 취약점에 대한 보안패치가 공개되지 않았으므로, FTP 서버를 운영하시는 분들은 신뢰할 수 없는 익명의 사용자의 FTP 쓰기를 허용하지 않고 읽기 전용으로 설정하시기 바랍니다.
아직은 해당 취약점을 이용한 악의적인 활동이 보고되지 않은 것으로 보이지만, 9월 정기 업데이트를 앞두고 해당 문제가 해결될지는 미지수입니다.
그러므로 이런 경우에는 인터넷 사용자들은 신뢰할 수 있는 보안제품의 실시간 검사 기능을 반드시 활성화하시고 인터넷을 이용하시기 바랍니다.
728x90
반응형