2011. 6. 28. 19:55

MS, Adobe Flash Player, Google Chrome Updates

** Malware distribution exploiting MS and Flash vulnerabilities is currently active, so
** every Internet user must apply the latest updates.
** Please review everything below and be sure to take action.

Microsoft security updates (second Tuesday of every month)
- http://windowsupdate.microsoft.com/
  (access from Internet Explorer)
- Last updated 2011.06.15
- 16 security patches applied in total

Adobe Flash Player latest update (access from IE)
- http://get.adobe.com/kr/flashplayer/
  (access from Internet Explorer)
- Last updated 2011.06.28
- Resolved some compatibility issues related to cross-domain policy files

Google Chrome latest update (includes Flash Player)
- Tools -> About Google Chrome -> restart after the latest version finishes installing
- Last updated 2011.06.28
- Resolved security issues: High severity (6), Medium severity (1)

Malware distribution exploiting the CVE-2011-1255 vulnerability
- http://blog.ahnlab.com/asec/557

Exploits for CVE-2011-2110 focus on Korea

Last week, Adobe released an update (APSB11-18) for Adobe Flash Player, fixing a memory corruption vulnerability (CVE-2011-2110) that would allow attackers to take control of the targeted system. In the Advisory, Adobe mentioned reports of active exploitation. We have been tracking the use of this exploit through our signatures (originally as Exploit:SWF/ShellCode.A, and then later as Exploit:SWF/CVE-2011-2110.A) released to Microsoft Security Essentials and Forefront customers for a number of days now and saw significant increases in exploit activity over the weekend. An interesting facet of the use of this exploit is that most of the targets are in Korea. We saw a peak of activity on Sunday, with this exploit attempt being reported by 17,813 computers, 14,890 of them in Korea.

We've seen a focus on Korea in the early history of other 0-day exploits and attack techniques:

  • CVE-2010-3962, which we dubbed the Weekend Warrior for its weekend-based attacks focused on Korea
  • SWF/Jaswi.A, another exploit method using Flash
  • CVE-2010-3972, an Internet Explorer 0-day
  • CVE-2011-0611, another Flash 0-day hit Korea with over 5,000 attack attempts the day after the update was released on April 15

Seeing Korea show up in these types of attacks is starting to become commonplace.

The attacks on CVE-2011-2110 have been using a fairly standard pattern. Most of them are some variation of this exploit in a file called main.swf. Even the SHA1s are fairly consistent. Here are our top hits, which represent about 96% of all of the exploit attempts we've seen:

In any case, stay safe, employ endpoint protection, and apply the update if you haven't already!

-Holly Stewart, MMPC

Source: blogs.technet.com
