> È«º¸¼¾ÅÍ > ºí·çÀ¥ ¼Ò½Ä
ÀÛ¼ºÀÚ ºí·çÀ¥
Á¦¸ñ À©µµ¿ì RDP ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ¾Ç¿ë ÄÚµå °ø°³¿¡ µû¸¥ º¸¾È °­È­ ±Ç°í

¾È³çÇϼ¼¿ä. (ÁÖ)ºí·çÀ¥ÀÔ´Ï´Ù.

 
MS»çÀÇ À©µµ¿ì RDP ¿ø°Ý½ÇÇàÄÚµå Ãë¾àÁ¡ ¾Ç¿ë ÄÚµå(°³³äÁõ¸íÄÚµå, Proof of Concept, Poc)°¡ ÀÎÅÍ³Ý »ó¿¡ °ø°³µÇ¾î ÇÇÇØ ¿¹¹æÀ» À§ÇÑ º¸¾È °øÁö ¾È³»µå¸³´Ï´Ù.

 

 ¡à °³¿ä
 o ÃÖ±Ù ¿øµµ¿ì RDP ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡(CVE-2019-0708)À» ¾Ç¿ëÇÒ ¼ö ÀÖ´Â °³³äÁõ¸íÄÚµå(Proof of concept code, PoC)°¡ ÀÎÅÍ³Ý»ó¿¡ °ø°³µÇ¾î À©µµ¿ì »ç¿ëÀÚÀÇ º¸¾È °­È­ ÇÊ¿ä

¡Ø °³³äÁõ¸íÄÚµå : Ãë¾àÁ¡À» Áõ¸í/°ËÁõÇÒ ¼ö ÀÖ´Â ÇÁ·Î±×·¥ ¶Ç´Â ¼Ò½ºÄÚµå

¡Ø ±â¼úÁö¿øÀÌ Á¾·áµÈ Windows XP, Windows Server 2003±îÁö º¸¾È¾÷µ¥ÀÌÆ® Á¦°ø

 
 ¡à ÁÖ¿ä ³»¿ë

 o À©µµ¿ì RDP ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡(CVE-2019-0708)¸¦ ¾Ç¿ëÄڵ尡 ÀÎÅÍ³Ý»ó¿¡ °ø°³µÇ¾î ¼­ºñ½º °ÅºÎ °ø°Ý ¹× ·£¼¶¿þ¾î °¨¿° µî¿¡ ¾Ç¿ëµÉ ¼ö ÀÖÀ½

 o À©µµ¿ì ¿ø°Ý µ¥½ºÅ©Åé ÇÁ·ÎÅäÄÝ(Remote Desktop Protocol, RDP) ¼­ºñ½º(±âº»Æ÷Æ®:3389)°¡ ½ÇÇàµÇ°í ÀÖ°í ÃֽŠº¸¾È ¾÷µ¥ÀÌÆ®°¡ Àû¿ëµÇ¾î ÀÖÁö ¾ÊÀ» °æ¿ì °ø°Ý À§Çè¿¡ ³ëÃâ

 o Ãë¾àÁ¡¿¡ ¿µÇâ¹Þ´Â À©µµ¿ì Á¦Ç°À» ÀÌ¿ëÇÏ´Â °¢ ±â°ü, ±â¾÷ ¹× ÀÏ¹Ý »ç¿ëÀÚ´Â ÇØ´ç Ãë¾àÁ¡¿¡ ³ëÃâµÇÁö ¾Êµµ·Ï º¸¾È ¾÷µ¥ÀÌÆ® Àû¿ë ¹× RDP º¸¾È °­È­ ÇÊ¿ä

 

< Ãë¾àÁ¡¿¡ ¿µÇâ ¹Þ´Â À©µµ¿ì Á¦Ç°>

- Windows XP SP3 x86

 - Windows XP Professional x64 Edition SP2

- Windows XP Embedded SP3 x86

- Windows Server 2003 SP2 x86

- Windows Server 2003 x64 Edition SP2

- Windows 7 for 32-bit Systems Servi! ce Pack 1

- Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems Service Pack 1


 
¡à ´ëÀÀ ¹æ¾È
 o À©µµ¿ì OS¿¡ ´ëÇÑ ÃֽŠº¸¾È ¾÷µ¥ÀÌÆ® Àû¿ë(KISA º¸¾È°øÁö 1193¹ø Âü°í)

 o RDP »ç¿ëÇÏÁö ¾ÊÀ» ½Ã, ¼­ºñ½º ºñÈ°¼ºÈ­

 o RDP »ç¿ëÀÌ ºÒ°¡ÇÇÇÒ ½Ã, Àΰ¡µÈ °ü¸®ÀÚ IPÁÖ¼Ò¿¡¼­¸¸ À©µµ¿ì RDP¸¦ Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï ¹æÈ­º® µîÀ» ÅëÇÑ Á¢±Ù ÅëÁ¦ °­È­ ¹× ±âº» Æ÷Æ® ¹øÈ£(3389)¸¦ ´Ù¸¥ Æ÷Æ®·Î º¯°æÇÏ¿© »ç¿ë

 o  ¹é½Å ¼³Ä¡ ¹× Á¤±âÀûÀ¸·Î ÃֽŠ¾÷µ¥ÀÌÆ® ¼öÇà


¡à ¹®ÀÇ»çÇ×

 o ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® ÄÚ¸®¾Æ °í°´¼¾ÅÍ: 1577-9700

 o Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118


[Âü°í»çÀÌÆ®]
[1]
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

[2] https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

 

 
°¨»çÇÕ´Ï´Ù.

  

 
 
 
ȸ»ç¼Ò°³  |  °³ÀÎÁ¤º¸Ãë±Þ¹æħ  |  È¸¿ø¾à°ü |  ÀüÈ­¹øÈ£¾È³»
¢ßÀ¯´ÏÆÄÀÌ ¼­¿ïƯº°½Ã ¼ºµ¿±¸ ±¤³ª·ç·Î 144, ´õ ½ºÆäÀ̽º Ÿ¿ö 7Ãþ, 13Ãþ (º»Á¡)
´ëÇ¥ÀÌ»ç : ±è³²Áø, ÀåºÀ±Ù »ç¾÷ÀÚµî·ÏÁõ¹øÈ£ : 106-81-85951 Åë½ÅÆǸž÷ ½Å°í¹øÈ£ : °­³² 3315È£
ȨÆäÀÌÁö³»¿¡¼­ °áÁ¦µÇ´Â ¼­ºñ½º¿¡ ´ëÇÑ È¯ºÒ, ¹Î¿ø µîÀº (ÁÖ)À¯´ÏÆÄÀÌ¿¡¼­ ó¸®ÇÏ¸ç ¸ðµç Ã¥ÀÓÀº (ÁÖ)À¯´ÏÆÄÀÌ¿¡ ÀÖ½À´Ï´Ù.
¹Î¿ø ´ã´çÀÚ : °í°´»ó´ã¼¾ÅÍ, 02-1588-2120
¼­ºñ½º Á¦ÈÞ/ÀÌ¿ë¹®ÀÇ : master@blueweb.co.kr
Copyright¨Ï Blueweb All rights Reserved.