Daily Security Issues
ExploitAlert
CVE-2017-10798, ObjectPlanet Opinio 7.6.3 XSS
CVE-2017-4918, Code Injection in VMware Horizon’s macOS Client
IBM Informix DB-Access BOF
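Pharming (phishing) malware targeting Mac users
TrendMicro discovered new malware targeting Apple customers. It appears to be part of the Operation Emmental malicious campaign, first discovered in 2012. The malware is named Doc and targets customers of Swiss banks. It is essentially a Mac version of the Windows banking malware Retefe and WERDLOD, and is distributed through phishing emails with several attached files, such as zip and docx. Original article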
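SQL injection vulnerability scanner on sale for $500 on a hacking forum
Security researchers at Recorded Future discovered a fully automated SQL injection vulnerability scanner being sold on a hacking forum. The scanner is named Katyusha Scanner and was posted on April 8 by an anonymous Russian-speaking individual. It uses Telegram's functionality and the open-source pen test tool Arachni Scanner. The light version, released on May 10, sells for $250 and the full version for $500. The most recent update was at the end of June, and renting it costs $200/month. Original article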
“Similar to the very lethal weapon conceived 70 years ago, Katyusha Scanner allows criminals to initiate large-scale penetration attacks against a massive number of targeted websites with several clicks using their smartphones,”
Adobe security updates
APSB17-21 Security updates available for Adobe Flash Player
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Security Bypass | Information Disclosure | Important | CVE-2017-3080 |
Memory Corruption | Remote Code Execution | Critical | CVE-2017-3099 |
Memory Corruption | Memory address disclosure | Important | CVE-2017-3100 |
APSB17-22 Security update available for Adobe Connect
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
---|---|---|---|
User Interface (UI) Misrepresentation of Critical Information | Clickjacking attacks | Moderate | CVE-2017-3101 |
Improper Neutralization of Input During Web Page Generation | Cross-site scripting attacks | Important | CVE-2017-3102 |
Improper Neutralization of Input During Web Page Generation | Cross-site scripting attacks | Important | CVE-2017-3103 |
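Microsoft July security patches
Updates were released that patch 55 vulnerabilities in products including Win10. Beyond the vulnerabilities listed in the table below, the full list of patches can be checked here. Update Center.
Added content:
Security researchers at Preempt discovered two 0-day vulnerabilities in NTLM (Windows NT LAN Manager). Both stem from improper handling of the protocol and allow an attacker to create a domain administrator account. One of them was included in this patch; the other was not. Related article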
Product | CVE ID | CVE Title |
---|---|---|
.NET Framework | CVE-2017-8585 | .NET Denial of Service Vulnerability |
Adobe Flash Player | ADV170009 | July Flash Security Update |
ASP .NET | CVE-2017-8582 | Https.sys Information Disclosure Vulnerability |
HoloLens | CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability |
Internet Explorer | CVE-2017-8592 | Microsoft Browser Security Feature Bypass |
Internet Explorer | CVE-2017-8594 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2017-8618 | Scripting Engine Memory Corruption Vulnerability |
Kerberos | CVE-2017-8495 | Kerberos SNAME Security Feature Bypass Vulnerability |
Microsoft Browsers | CVE-2017-8602 | Microsoft Browser Spoofing Vulnerability |
Microsoft Edge | CVE-2017-8611 | Microsoft Edge Spoofing Vulnerability |
Microsoft Edge | CVE-2017-8596 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Edge | CVE-2017-8617 | Microsoft Edge Remote Code Execution Vulnerability |
Microsoft Edge | CVE-2017-8599 | Microsoft Edge Security Feature Bypass Vulnerability |
Microsoft Edge | CVE-2017-8619 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Exchange Server | CVE-2017-8621 | Microsoft Exchange Open Redirect Vulnerability |
Microsoft Exchange Server | CVE-2017-8560 | Microsoft Exchange Cross-Site Scripting Vulnerability |
Microsoft Exchange Server | CVE-2017-8559 | Microsoft Exchange Cross-Site Scripting Vulnerability |
Microsoft Graphics Component | CVE-2017-8577 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2017-8578 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2017-8573 | Microsoft Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2017-8574 | Microsoft Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2017-8556 | Microsoft Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2017-8580 | Win32k Elevation of Privilege Vulnerability |
Microsoft NTFS | CVE-2017-8587 | Windows Explorer Denial of Service Vulnerability |
Microsoft Office | CVE-2017-0243 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2017-8502 | Microsoft Office Memory Corruption Vulnerability |
Microsoft Office | CVE-2017-8501 | Microsoft Office Memory Corruption Vulnerability |
Microsoft Office | CVE-2017-8570 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2017-8569 | SharePoint Server XSS Vulnerability |
Microsoft PowerShell | CVE-2017-8565 | Windows PowerShell Remote Code Execution Vulnerability |
Microsoft Scripting Engine | CVE-2017-8610 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8601 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8604 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8598 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8608 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8605 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8606 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8603 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8607 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8609 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2017-8595 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows | CVE-2017-8557 | Windows System Information Console Information Disclosure Vulnerability |
Microsoft Windows | CVE-2017-8566 | Windows IME Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2017-0170 | Windows Performance Monitor Information Disclosure Vulnerability |
Microsoft Windows | CVE-2017-8590 | Windows CLFS Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2017-8562 | Windows ALPC Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2017-8589 | Windows Search Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2017-8563 | Windows Elevation of Privilege Vulnerability |
Microsoft WordPad | CVE-2017-8588 | WordPad Remote Code Execution Vulnerability |
Windows Kernel | CVE-2017-8564 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2017-8561 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel-Mode Drivers | CVE-2017-8486 | Win32k Information Disclosure Vulnerability |
Windows Kernel-Mode Drivers | CVE-2017-8467 | Win32k Elevation of Privilege Vulnerability |
Windows Kernel-Mode Drivers | CVE-2017-8581 | Win32k Elevation of Privilege Vulnerability |
Windows Shell | CVE-2017-8463 | Windows Explorer Remote Code Execution Vulnerability |
Extra
BIOS Password Recovery for Laptops. Recoverable even if you have forgotten the BIOS password…?