Microsoft Internet Explorer 의 도움말 (단축키:F1) 파일과 VBScript 상호작용하는 부분에서 취약점이 발생하고 있습니다.

악성 파일(도움말 형식 .hlp)이 설치되고, 단축키 F1 키를 입력하도록 유도하게 된다면 사용자 PC의 시스템 파일이 실행되게 됩니다.

현재 패치가 이루어지지 않았으며, Windows XP 등 영향 받는 소프트웨에서는 단축키 F1키를 누르지 말도록 권고하고 있습니다.

http://www.microsoft.com/technet/security/advisory/981169.mspx

[영향 받는 소프트웨어]
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2

[영향 받지 않는 소프트웨어]

- Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for Itanium-based Systems



아래는 공격코드를 실행한 상세 내역이며, 자세한 분석내용은 후에 포스팅 하도록 하겠습니다.



악성 서버에 접근하였을 경우 F1키를 입력하도록 유도하는 화면입니다.


F1 키를 입력하였을 때 사용자의 실행 파일(테스트:계산기)가 실행된 화면입니다.



[대응방안]
http://support.microsoft.com/kb/917607/ko


※ 현재 ㈜에이쓰리시큐리티에서 테스트 및 분석 중에 있으며, 이 문서는 계속 업데이트될 것입니다. 본 문서는 보안취약점으로 인한 피해를 최소화하는 데 도움이 되고자 작성되었으나, 본 문서에 포함된 대응방안의 유효성이나 기타 예상치 못한 시스템의 오작동 발생에 대하여서는 ㈜에이쓰리시큐리티에서는 일체의 책임을 지지 아니합니다.

http://www.microsoft.com/technet/security/advisory/980088.mspx

MS에서 제로데이 취약점(Vulnerability in Internet Explorer Could Allow Information Disclosure)을 발표했습니다.

공격자에 의해서 사용자PC의 파일명과 파일 위치의 정보가 노출이 된다고 합니다.
기본적으로 보호모드를 지원하지 않는 Internet Exporer 5,6 대상으로 많이 이루어지고 있으며, Internet Explorer 8 버전으로 업데이트 할 것을 권고 합니다.

보호모드 정보 : http://msdn.microsoft.com/en-us/library/ms537180(VS.85).aspx

[영향 받는 소프트웨어]
 

Windows 2000 Service Pack 4

Windows XP Service Pack 2

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista

Windows Vista Service Pack 1 and Service Pack 2

Windows Vista x64 Edition

Windows Vista x64 Edition Service Pack 1 and Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for Itanium-based Systems

Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, and Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 8 for Windows Server 2003 Service Pack 2 and Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, and Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8 in Windows 7 for 32-bit Systems

Internet Explorer 8 in Windows 7 for x64-based Systems

Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems

Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems