$B%;%-%e%j%F%#%[!<%k(B memo - 2008.07

Last modified: Thu Dec 17 01:07:40 2009 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2008.07.31

$B"#(B $B$$$m$$$m(B (2008.07.31)
(various)

$B"#(B SECURITY ADVISORY (CVE-2008-3257) Security vulnerability in WebLogic plug-in for Apache (Oracle WebLogic Server / WebLogic Express)
(Oracle, 2008.07.28)

$B!!(BOracle WebLogic Server (BEA WebLogic Server) 6.1 / 7.0 / 8.1 / 9.0 / 9.1 / 9.2 / 10.0 $B$K7g4Y!#$3$l$K4^$^$l$k(B WebLogic plug-in for Apache $B$K7g4Y$,$"$j!"D9Bg$J(B HTTP $B%P!<%8%g%sHV9fJ8;zNs$r;H$C$F!"(Bremote $B$+$iL5G'>Z$GG$0U$N%3!<%I$rCVE-2008-3257

$B!!=$@5%W%m%0%i%`$O$^$@$J$$!#2sHrJ}K!$H$7$F(B 2 $B$D5s$2$i$l$F$$$k!#(B

2008.08.07 $BDI5-(B:

$B!!=$@5%W%m%0%i%`$,8x3+$5$l$?!#(BSECURITY ADVISORY (CVE-2008-3257) version .01 - Patch available for security vulnerability in WebLogic plug-in for Apache (Oracle) $B$r;2>H!#(B

$B"#(B $BDI5-(B

nVIDIA$B$N(BGPU$B$GBg5,LO$J%j%3!<%k!"@8;:9)Dx$KIT6q9g$,H/@8$+!)(B

$B!!4XO"(B: $B%G%k!"(BNVIDIA GPU$BEk:\%N!<%H$GH/@8$9$kIT6q9g$rM=KI$9$k(BBIOS (PC Watch, 2008.07.29)

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!4XO"(B:

$B"#(B 2008.07.30

$B"#(B $BDI5-(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!4XO"(B:

$BF|K\$N%$%s%?!<%M%C%H$,=*N;$9$kF|(B

$B!!4XO"(B:

$B"#(B 2008.07.29

$B"#(B $BDI5-(B

JVN#19445002: APOP $B$K$*$1$k%Q%9%o!<%IO3$($$$N@H

$B!!(B$B!V(BMD5 $B$N0BA4@-$N8B3&$K4X$9$kD4::8&5f!W$K4X$9$kJs9p=q(B (IPA, 2008.07.25)

$BD4::$N7k2L!"A[Dj$7$?A4$F$N%Q%9%o!<%I$K$D$$$F!"DL>o;HMQ$5$l$F$$$k(BPC$B$rMQ$$$F!"Hf3SE*C;;~4V$G2rFI$G$-$k$3$H$rZ$7$?!JA4$F$N@_Dj$7$?>r7o2<$GA[Dj;~4VFb$K2rFI!'8=

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!4XO"(B:

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (955179) Snapshot Viewer for Microsoft Access $B$N(B ActiveX $B%3%s%H%m!<%k$N@H

$B!!(BMs-Access SnapShot Exploit Snapview.ocx v 10.0.5529.0 (milw0rm)

$B"#(B ISR-evilgrade v1.0.0
(infobyte.com.ar, 2008.07.28)

$B!!3F

- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffices
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- notepad++
- speedbit

$B!!%3!<%I$H%G%b$,8x3+$5$l$F$$$k!#(B

2008.08.04 $BDI5-(B:

$B!!(BCVE:

$B"#(B 2008.07.28

$B"#(B RealPlayer$B$K?<9o$J@H
(ITmedia, 2008.07.28)

$B!!(BRealNetworks, Inc.$B!"%;%-%e%j%F%#@H (RealNetworks, 2008.07.25) $B$N7o!#(B

$B!!1F6A$,$"$k$N$O0J2<$N$b$N(B:

  • Windows $BHG(B RealPlayer 11 (11.0.0 - 11.0.2 $B%S%k%I(B 6.0.14.738 - 6.0.14.802) / 10.5 (6.0.12.1040-6.0.12.1663$B!"(B6.0.12.1698$B!"(B6.0.12.1741) / 10$B!"(BRealPlayer Enterprise

  • Mac $BMQ(B RealPlayer 10.1 (10.0.0.396 - 10.0.0.503) / 10 (10.0.0.305 - 352)

  • Linux $BMQ(B RealPlayer 10 ($BCm(B: Helix Player (10.*) $B$K$O$3$N7g4Y$O$J$$(B)

$B!!3F%W%i%C%H%[!<%`$K$*$1$k:G?7HG$r%$%s%9%H!<%k$9$l$P$h$$!#(B

  • Windows $BHG(B RealPlayer 11 (11.0.3 $B%S%k%I(B 6.0.14.806) $B$^$?$O(B Windows $BHG(B RealPlayer 10.5 (6.0.12.1675)

  • Mac $BMQ(B RealPlayer 11

  • Linux $BMQ(B RealPlayer 11$B!"(BHelix Player (11.*)

$B"#(B 2008.07.24

$B"#(B $BDI5-(B

$B!V(BFirefox 2.0.0.16$B!W%j%j!<%9!"(B2$B7o$N@H

$B!!(BThunderbird 2.0.0.16 $B$,EP>l$7$^$7$?!#(B$B%j%j!<%9%N!<%H(B$B!#(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!4XO"(B:

$B"#(B 2008.07.23

$B"#(B $BDI5-(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!(B$BJ#?t$N(B DNS $B%5!<%P@=IJ$K$*$1$k%-%c%C%7%e%]%$%:%K%s%0$N@H (JPCERT/CC, 2008.07.09) $B$,99?7$5$l$^$7$?!#(B

2008$BG/(B7$B7n(B22$BF|!"Ev=i$NM=Dj$h$jAa$/K\@HpJs$,8m$C$F8x3+$5$l$^$7$?!#$3$N$?$a!"6aF|Cf$KK\@H

$B%W%j%s%9%H%sBg3X!$EE8;$r@Z$C$?(BPC$B$+$i(BHDD$B0E9f80$N

$B!!%D!<%k$N%=!<%9%3!<%I$,8x3+$5$l$?$=$&$G$9!#(BLest We Remember: Cold Boot Attacks on Encryption Keys (princeton.edu) $B$N(B Memory Research Project Source Code $B$r;2>H!#(B

APSB08-11 - Flash Player update available to address security vulnerabilities

$B!!%Y%j%5%$%s%;%-%e%"%I%7!<%k$N7o!"BP1~$5$l$?$h$&$G$9(B: $B%Y%j%5%$%s%;%-%e%"%I%7!<%k(B(Flash$B7A<0(B)$B$N8!>Z%Z!<%8$,I=<(=PMh$J$$;v>]$N2r>C$N$*CN$i$;(B (VeriSign, 2008.07.22)$B!#(BBenjamin $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2008.07.22

$B"#(B JVN#67573833 - $BJ#?t$N%;%s%A%e%j!
(JVN, 2008.07.22)

$B!!(BWeb $B4IM}2hLL$K(B CSRF $B@H

$B"#(B $BDI5-(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!4XO"(B:

$B$$$m$$$m(B (2008.07.18)

$B!!(BJVNVU#289235 - BlackBerry Attachment Service $B$N(B PDF $B@8@.5!G=$KG$0U$N%3!<%I$, (JVN, 2008.07.22)

$B"#(B OpenSSH 5.1/5.1p1 $B%j%j!<%9%N!<%H(B
(OpenSSH.com, 2008.07.21)

$B!!(BOpenSSH 5.1/5.1p1 $B$,=P$F$$$^$9(B (link fixed)$B!#(Biida $B$5$s=E$M=E$M>pJs$"$j$,$H$&$4$6$$$^$9!#(B $B%j%j!<%9%N!<%H(B $B$K$O$3$s$J5-=R$,!#$U$D$&$N?M$O(B X11UseLocalhost=no $B$K$O$7$J$$$H;W$&$1$I!D!D!#(B 

Security:

 * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
   other platforms) when X11UseLocalhost=no
      
   When attempting to bind(2) to a port that has previously been bound
   with SO_REUSEADDR set, most operating systems check that either the
   effective user-id matches the previous bind (common on BSD-derived
   systems) or that the bind addresses do not overlap (Linux and
   Solaris).

   Some operating systems, such as HP/UX, do not perform these checks
   and are vulnerable to an X11 man-in-the-middle attack when the
   sshd_config(5) option X11UseLocalhost has been set to "no" - an
   attacker may establish a more-specific bind, which will be used in
   preference to sshd's wildcard listener.

   Modern BSD operating systems, Linux, OS X and Solaris implement the
   above checks and are not vulnerable to this attack, nor are systems
   where the X11UseLocalhost has been left at the default value of
   "yes".

   Portable OpenSSH 5.1 avoids this problem for all operating systems
   by not setting SO_REUSEADDR when X11UseLocalhost is set to no.

   This vulnerability was reported by sway2004009 AT hotmail.com.

$B!!$3$s$J3Z$7$=$&$J5!G="-$b$D$-$^$7$?(B ($B%G%U%)%k%HL58z(B)$B!#;n$7$F$_$J$$$H!D!D!#(B 

 * Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1)
   and ssh-keygen(1).

$B!!(Bsshd_config $B$N(B Match address $B$d(B ~/.ssh/authorized_keys $B$N(B from="..." $B$G(B CIDR $B5-K!$,%5%]!<%H$5$l$^$7$?!#(B 

 * sshd_config(5) now supports CIDR address/masklen matching in "Match
   address" blocks, with a fallback to classic wildcard matching. For 
   example:
     Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
         PasswordAuthentication yes

 * sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys
   from="..." restrictions, also with a fallback to classic wildcard
   matching.

$B!!(Bsshd $B$G(B -T $B%*%W%7%g%s(B ($B3HD%%F%9%H%b!<%I(B) $B$,%5%]!<%H$5$l$^$7$?!#(B Match $B%k!<%k$N%F%9%H$K$b;H$($k$=$&$G$9!#(B 

 * Added an extended test mode (-T) to sshd(8) to request that it write
   its effective configuration to stdout and exit. Extended test mode
   also supports the specification of connection parameters (username,
   source address and hostname) to test the application of
   sshd_config(5) Match rules.

$B!!(BMatch $B$K$D$$$F$O$3$s$J5-=R$b(B: 

 * "Match group" blocks in sshd_config(5) now support negation of
   groups. E.g. "Match group staff,!guests" (bz#1315)

$B!!%j%j!<%9%N!<%H$rF|K\8l$GFI$_$?$$?M$O!"(B$B=U;3$5$s$K$h$kK.LuHG(B$B$r$I$&$>!#(B

2008.08.04 $BDI5-(B:

$B!!(BCVE-2008-3259$B!#(BSO_REUSEADDR $B$N7o!#(B

$B"#(B 2008.07.21

$B"#(B 2008.07.18

$B"#(B $B$$$m$$$m(B (2008.07.18)
(various)

2008.07.22 $BDI5-(B:

$B!!(BJVNVU#289235 - BlackBerry Attachment Service $B$N(B PDF $B@8@.5!G=$KG$0U$N%3!<%I$, (JVN, 2008.07.22)

$B"#(B nVIDIA$B$N(BGPU$B$GBg5,LO$J%j%3!<%k!"@8;:9)Dx$KIT6q9g$,H/@8$+!)(B
(technobahn, 2008.07.17)

$BLdBj$r5/$3$7$?(BGPU$B$N6qBNE*$J@=IJL>$OL@$i$+$K$7$F$$$J$$$,!"0lItJsF;$h$k$HLdBj$r5/$3$7$?(BGPU$B$OF1$8(BASIC$B$rMQ$$$F@8;:$5$l$?%N!<%H%V%C%/MQ$N!V(BG84$B!W$H!V(BG86$B!W$NLOMM$@!#(B

$B!!$3$NOC$_$?$$(B: All Nvidia G84 and G86s are bad (The Inquirer, 2008.07.09)$B!#(B$BA4$F$N(B (!) G84 / G86 GPU $B$K7g4Y$,$"$C$?(B?!

2008.07.31 $BDI5-(B:

$B!!4XO"(B: $B%G%k!"(BNVIDIA GPU$BEk:\%N!<%H$GH/@8$9$kIT6q9g$rM=KI$9$k(BBIOS (PC Watch, 2008.07.29)

2008.10.15 $BDI5-(B:

$B!!4XO"(B:

$B"#(B FreeStyleWiki (FSWiki) $B$K$*$1$k(B Session Cookie $B%G%#%l%/%H%j%H%i%P!<%5%k$N@H
(vuln.sg, 2008.07.16)

$B!!(BFreeStyleWiki 3.6.2 $B$*$h$S(B 3.6.3 dev3 $B0JA0$N3+H/HG$K7g4Y!#(B FreeStyleWiki $B$,;HMQ$7$F$$$k(B CGI::Session $B$K%G%#%l%/%H%j%H%i%P!<%5%k7g4Y$,$"$k$?$a!"%Q%9%o!<%I$rCN$k$3$H$J$/4IM}

$B!!(BFreeStyleWiki $B$K$D$$$F$O(B patch $B$,MQ0U$5$l$F$$$k!#$^$?(B CGI::Session 4.34 $B$G$b=$@5$5$l$F$$$k!#(B

SECURITY: Patch CGI::Session::Driver::file to stop \ and / characters being used in session ids and hence in file names. These characters, possibly combined with '..', could have been used to access files outside the designated session file directory. Reported by TAN Chew Keong of vuln.sg.

$B!!4{$K(B CGI::Session 4.35 $B$H$$$&$N$b$"$k$_$?$$!#(B

$B"#(B $B0E9f2=$5$l$?(BHDD$B$+$i%G!<%?O31L$N4m81@-!=!=Bg3X$N8&5f%A!<%`$,L@$i$+$K!!(B Word/Google Desktop$B$J$I0lHLE*$J%"%W%j%1!<%7%g%s$N;HMQ;~$KO31L$,H/@8(B
(computerworld, 2008.07.17)

$B!!$3$&$$$&7g4Y$@$=$&$G(B:

$B8&5f%A!<%`$O!"(BWord$B$d!V(BGoogle Desktop$B!W$J$I$N0lHLE*$J%"%W%j%1!<%7%g%s$,0E9f2=%U%!%$%k$r07$&:]!"(BHDD$BFb$NHs0E9f2=%;%/%7%g%s$X%G!<%?$r3JG<$7$F$$$k$3$H$rFM$-;_$a$?!#(B

$B"#(B $BDI5-(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!(BBlue Coat $B$N>u67(B: DNS CACHE POISONING VULNERABILITY (CERT VU#800113) (Blue Coat, 2008.07.14)$B!#J#?t$N%W%m%@%/%H$K(B patch $B$,MQ0U$5$l$F$$$^$9!#(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (955179) Snapshot Viewer for Microsoft Access $B$N(B ActiveX $B%3%s%H%m!<%k$N@H

$B!!@kEA(B: $B%A%'%C%/!&%]%$%s%H!"(BInternet Explorer $B$N%Q%C%AL$8x3+$N@H (checkpoint, 2008.07.17)$B!#(B

$B!V(BFirefox 2.0.0.16$B!W%j%j!<%9!"(B2$B7o$N@H

$B!!(BFirefox 3.0.1 $B=P$^$7$?!#(B$B%j%j!<%9%N!<%H(B$B!#>e5-(B MFSA 2008-34 / 35 $B$K2C$(!"(B MFSA 2008-36: Mac OS X $B>e$G$N0- (CVE-2008-2934) $B$,=$@5$5$l$F$$$^$9!#(BFirefox 3 $B$N$_$N7g4Y$G$9!#(B

$B"#(B 2008.07.17

$B"#(B 2008.07.16

$B"#(B GLSA 200807-03: PCRE: Buffer overflow
(Gentoo Linux, 2008.07.07)

$B!!(BPCRE 7.7 $B0JA0$K7g4Y!#FCDj$N@55,I=8=$K$*$$$F(B buffer overflow $B$,H/@8!"G$0U$N%3!<%I$NCVE-2008-2371

$B!!(Bofficial patch $B$O$J$$$h$&$@$,!"$?$H$($P(B Bugzilla Bug 228091 dev-libs/libpcre <7.7-r1 pcre_compile.c Heap-based buffer overflow (CVE-2008-2371) (Gentoo) $B$K$"$k(B patch $B$rE,MQ$9$l$P$h$$$_$?$$!#(B

$B"#(B $B!V(BFirefox 2.0.0.16$B!W%j%j!<%9!"(B2$B7o$N@H
(Internet Watch, 2008.07.16)

$B!!(BFirefox 2.0.0.16 $BEP>l!#(B2 $B

$B!!(BFirefox 3.0 $B$K$bF1$87g4Y$,$"$j!"6aF|EP>lM=Dj$N(B Firefox 3.0.1 $B$G=$@5$5$l$kM=Dj!#(B $B$^$?(B MFSA 2008-34 (mozilla-japan.org) $B$N>l9g$O(B Thunderbird $B$d(B SeaMonkey $B$K$b1F6A$9$k!#(BThunderbird $B=$@5HG$O3+H/Cf!#(B SeaMonkey $B$O(B 1.11.1 $B$G=$@5$5$l$F$$$k!#(B

2008.07.18 $BDI5-(B:

$B!!(BFirefox 3.0.1 $B=P$^$7$?!#(B$B%j%j!<%9%N!<%H(B$B!#>e5-(B MFSA 2008-34 / 35 $B$K2C$(!"(B MFSA 2008-36: Mac OS X $B>e$G$N0- (CVE-2008-2934) $B$,=$@5$5$l$F$$$^$9!#(BFirefox 3 $B$N$_$N7g4Y$G$9!#(B

2008.07.24 $BDI5-(B:

$B!!(BThunderbird 2.0.0.16 $B$,EP>l$7$^$7$?!#(B$B%j%j!<%9%N!<%H(B$B!#(B

$B"#(B $BDI5-(B

APSB08-11 - Flash Player update available to address security vulnerabilities

$B!!(BFlash Player 9.0.124.0 $B$r%$%s%9%H!<%k$7$?4D6-$G$O!"(BVeriSign $B$N!V%;%-%e%"%I%7!<%k!W(B(Flash $BHG(B) $B$r@5>o$K3NG'$G$-$J$$LOMM!#(B

$B!!(BVeriSign $B$O!"(BGIF $BHG$OLdBj$J$$$N$G(B GIF $BHG$r;H$C$F$/$l!"$H8@$C$F$$$k$h$&$G$9!#(B Benjamin $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2008.07.15

$B"#(B Struts$B$K%;%-%e%j%F%#99?7!"A4%f!<%6$K%"%C%W%G!<%H?d>)(B
($B%^%$%3%_%8%c!<%J%k(B, 2008.07.14)

$B!!(BApache Struts 2.0.11.2 $B%j%j!<%9%N!<%H(B$B$K(B

Struts 2.0.11.2 comes with a security fixed version 2.0.5 of XWork, which corrects a serious vulnerability in ParametersInterceptor allowing malicious users to remotely change server side context objects. All users are strongly encouraged to upgrade to Struts 2.0.11.2.

$B$H=q$+$l$F$$$k7o!#(B

$B"#(B $B%$%s%F%k@=%A%C%W$K%j%b!<%H967b$N@H
(computerworld, 2008.07.15)

$B!!$&!<$s!D!D$H$j$"$($:MM;R8+$9$k$7$+$J$5$2(B? $B

2008.07.16 $BDI5-(B:

$B!!$=$&$$$($P!"@N!"(BPentium F00F $B%P%0(B ($B%&%#%-%Z%G%#%"(B) $B$J$s$F$N$b$"$j$^$7$?$M!D!D!#(B

$B!!$b$7$+$7$F!":rG/$N!"(B$BFCDj$N%$%s%F%k%W%m%;%C%5$rEk:\$9$k%G%9%/%H%C%W@=IJ$N%7%9%F%`(BBIOS$B$r%"%C%W%G!<%H$7$F$/$@$5$$!J2~HG!K(B$B$NOC$N$D$E$-$@$C$?$j$9$k$s$@$m$&$+!D!D!#(B

$B"#(B 2008.07.14

$B"#(B About the security content of iPhone v2.0 and iPod touch v2.0
(Apple, 2008.07.11)

$B!!(BiPhone v2.0 / iPod touch v2.0 $BEP>l!#J#?t$N7g4Y$,=$@5$5$l$F$$$k!#(B

$B!!4XO"(B:

$B"#(B $BDI5-(B

Microsoft 2008 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BWSUS 2.0 $B4D6-$N(B WMSDE $B$K(B MS08-040 patch $B$rE,MQ$9$k>l9g$NOC!"E,MQ$9$Y$-$J$N$OF|K\8lHG(B patch $B$G$O$J$/1Q8lHG(B patch $B$J$N$@$=$&$@!#$d$d$3$7$d!#(B

$BF|K\$N%$%s%?!<%M%C%H$,=*N;$9$kF|(B

$B!!4XO"(B:

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (954960) Microsoft Windows Server Update Services (WSUS) $B$K$h$k%;%-%e%j%F%#99?7%W%m%0%i%`$NE83+$,%V%m%C%/$5$l$k(B

$B!!(BWindows 2008 $B>e$G>e5-=$@5%W%m%0%i%`$rE,MQ$9$k$K$O!"%(%/%9%W%m!<%i$+$i1&%/%j%C%/$7$F(B [$B4IM}

$B!!$^$?!"$3$N=$@5%W%m%0%i%`$O%"%s%$%s%9%H!<%k$G$-$J$$$=$&$@!#(B

$B"#(B 2008.07.13

$B"#(B 2008.07.12

$B"#(B $BDI5-(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!$5$i$J$k8!::J}K!!#(Bdig +short porttest.dns-oarc.net TXT $B$r

$B!!(BWindows $B$J?M$O!"(BWindows $BMQ$N(B BIND $B%P%$%J%j(B$B$r;H$&$H$+!#(B

$B"#(B Wireshark 1.0.2 Released
(Wireshark.org, 2008.07.10)

$B!!(BWireshark 1.0.2 $BEP>l!#(BWireshark 0.8.19 $B!A(B 1.0.1 $B$KB8:_$9$k!"%Q%1%C%H$N:F9=C[;~$K(B crash $B$9$k7g4Y(B wnpa-sec-2008-04 $B$,=$@5$5$l$F$$$k!#(B

$B"#(B 2008.07.11

$B"#(B $BF|K\$N%$%s%?!<%M%C%H$,=*N;$9$kF|(B
($B9bLZ9@8w!w<+Bp$NF|5-(B, 2008.07.10)

$B!!$&$o!"$3$s$J$3$H$K$J$C$F$?$s$@!D!D!#CN$i$J$+$C$?!#(B

$B!!!V%I%3%b!"(Bi$B%b!<%IMQ$N%f%K!<%/$J(BID$B$r3X9;N"%5%$%H$K$b3+J|$X!W$H$+!V%I%3%b!"(Bi$B%b!<%IMQ$N%f%K!<%/$J(BID$B$r%V%i%C%/%5%$%H$K$b2rJ|$X!W$H$+!"$=$&$$$&$3$H$@$h$M!D!D!#(B

$B$I$&$d$i!"J?@.(B19$BG/EYCf$H$$$&6h@Z$j$G!"7@Ls $B$3$l$,AmL3>J$N8x3+$5$l$F$$$J$$J}?K$K4p$E$/$b$N$G$"$k$+$I$&$+$OCN$i$J$$!#2?$r$b$C$F!V%1!<%?%$(BWeb$B!W$G$"$k$N$+!"$=$NDj5A$,B8:_$9$k$N$+$o$+$i$J$$$,!"$H$K$+$/!"(BNTT$B%I%3%b$N!V(Bi$B%b!<%I!W!"(Bau$B$N!V(BEZweb$B!W!"%=%U%H%P%s%/%b%P%$%k$N(BWeb$B!"%$! $B$J$<$3$N;~4|$K$3$N$h$&$JE83+$K$J$C$?$N$+!#(B($BCfN,(B) $B$D$^$j!"0-!

$B!!$&!<$s!D!D!#$=$&$$$&$d$jJ}$OI{:nMQ$"$j$9$.$@$H;W$&$N$@$1$I!"@$$NCf4{$K$=$A$i$NJ}8~$K9T$C$F$7$^$C$?8e$J$N$M!D!D!#$$$d$"!"I]$$$J$"!#(B

$B7@LspJs%;%-%e%j%F%#$r@lLg$H$9$k

  • $B%1!<%?%$(BWeb$B$K$*$$$F$O!"@dBP$K=;=j;aL>$rF~NO$7$J$$!#(B
    • $B>&IJG[Aw@h$H$7$F=;=j;aL>$NF~NO$,I,MW$H$J$k%M%C%H%7%g%C%W$OMxMQ$7$J$$!#!JCe%a%mEy$N%@%&%s%m!<%I9XF~$N$h$&$K!"=;=j;aL>$rAw?.$9$kI,MW$N$J$$%7%g%C%T%s%0$7$+$7$J$$$h$&$K$9$k!#!K(B
    • $B$I$&$7$F$bJ*$rGc$$$?$$$H$-$O!"7HBSEEOC2q
    • $B%1!<%?%$(BWeb$B$K$*$$$F$O!"40A4$KF?L>$G;H$&$3$H$r3P8g$9$k$+!"Kt$O!">o$KHsF?L>$G$"$k$3$H$rA0Ds$K9TF0$9$k!#(B
      • $BF?L>$rA*Br$9$k>l9g$O!"<+J,$,C/$G$"$k$+$o$+$k$h$&$J$3$H$r!"$I$N%5%$%H$G$bL@$i$+$K$7$J$$$h$&$K$9$k!#(B
      • $BHsF?L>$rA*Br$9$k>l9g$O!"<+J,$,C/$G$"$k$+$O$I$N%5%$%H$G$bCN$i$lF@$k$H3P8g$7$F!"$=$l$G$b$+$^$o$J$$9TF0$7$+$H$i$J$$$h$&$K$9$k!#(B

$B!!$3$s$J%j%F%i%7!<$,I,MW$J

$B$3$ND4;R$G!"2?G/$+8e$K$O!"!V(BPC$B$b%1!<%?%$(BWeb$BF1MM$K8GM-(BID$B$NAw?.$r5AL3$E$1$k!W$H$$$&K!0F$,Ib>e$9$k$+$b$7$l$J$$!#(B
$B$=$s$JK!0F$,=P$=$&$K$J$C$?$H$-!";d$?$A$O!"$A$c$s$H$/$$;_$a$k$3$H$,$G$-$k$@$m$&$+!#(B

$B!!!VF|K\H/!W$N(B Web $B%V%i%&%6$,;YG[E*$JN)>l$K$"$C$?$J$i!"4{$K$=$&$J$C$F$$$?$N$+$b!D!D!#$R!

$B$3$l$O%;%-%e%j%F%#BP:v$NI,MW@-$rAJ$($k$H$-$K$7$P$7$P6lO+$5$;$i$l$k$N$HF1MM$NOC$@!#$-$A$s$H;vA0$KBP:v$rBG$F$PHo32$O=P$J$$!#$=$l$r8e$K$J$C$F!"!V8=$KHo32$O$J$$!#$=$N7|G0$O[9M+$G$7$g$&!#!W$H8@$o$l$?$H$-!"%;%-%e%j%F%#@lLg2H$O$I$&1~$8$k$Y$-$@$m$&$+!#(B

$B!![9M+$G:Q$s$G$$$k$&$A$KBP:v$r

2008.07.14 $BDI5-(B:

$B!!4XO"(B:

2008.07.30 $BDI5-(B:

$B!!4XO"(B:

$B"#(B $BDI5-(B

Microsoft 2008 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!4XO"(B:

APSB08-15 - Security Update available for Adobe Reader and Acrobat 8.1.2

$B!!(BRelease notes for Adobe Reader and Acrobat 8.1.2 SU1 security update (Adobe KB403742)$B!#(B8.1.2 Security Update 1 $BE,MQ>u67$N3NG'J}K!0lMw!#(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!(BZoneAlarm $BOC$HF1MM$N$3$H$,(B Check Point Secure Access/Integrity $B%/%i%$%"%s%H$G$bH/@8$7$F$^$7$?OC!#99?7HG$,=P$F$$$^$9!#(B

$B!!$^$?!"(BCheckPoint VPN-1 / UTM-1 / Connectra $B$r;HMQ$7$F$$$k>l9g$O!"(BSmartDefense $B$N(B DNS $B%j%/%(%9%H!&%9%/%i%s%V%k5!G=$rM-8z$K$9$k$3$H$G!"$3$N7g4Y$r2sHr$G$-$k$=$&$G$9!#(B

$B!!$"$H!"(BDNS$B$N@H (Open Tech Press, 2008.07.11) $B$K$h$k$H!"(BKaminsky$B;a$N(BWeb$B%5%$%H(B $B$N(B [Check My DNS] $B%\%?%s$G<+?H$N(B DNS $B%5!<%P$r8!::$G$-$k$=$&$G$9!#(B

$B"#(B 2008.07.10

$B"#(B Sun Releases Updates for Java SE
(US-CERT Current Activity, 2008.07.10)

$B!!(BJava SE 6 / 5.0 / 1.4.2 / 1.3.1 $B$KJ#?t$N7g4Y!#(B

$B!!(BJava SE 6 Update 7 / 5.0 Update 16 / 1.4.2_18 / 1.3.1_23 $B$G=$@5$5$l$F$$$k!#(B

$B!!4XO"(B:

$B"#(B $BDI5-(B

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

$B!!(BMS08-037 patch $B$G(B ZoneAlarm $B$,IT6q9g$N7o!"(B Workaround to Sudden Loss of Internet Access Problem (ZoneAlarm.com) $B$,8x3+$5$l!"=$@5HG$,G[I[$5$l$F$$$^$9!#1Q8lHG$N$h$&$G$9!#(B

$B!!$^$?2sHrJ}K!$,(B 2 $B

  1. ZoneAlarm $B$N(B [$B%$%s%?!<%M%C%H(B $B%>!<%s(B $B%;%-%e%j%F%#(B] $B%9%i%$%@!<$r(B [$BCf(B] $B$K@_Dj$9$k!#(B

  2. MS08-037 patch (KB951748) $B$r%"%s%$%s%9%H!<%k$9$k!#(B

$B!!$"$H!"DI2C>pJs(B:

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (954960) Microsoft Windows Server Update Services (WSUS) $B$K$h$k%;%-%e%j%F%#99?7%W%m%0%i%`$NE83+$,%V%m%C%/$5$l$k(B

$B!!(BAdvisory $B$,2~D{$5$l$?!#$3$NLdBj$r2r7h$9$k$?$a$N=$@5%W%m%0%i%`$,MQ0U$5$l$?$=$&$@!#(BSome computers do not receive updates from the WSUS server (Microsoft KB954960) $B;2>H!#(B

$B"#(B 2008.07.09

$B"#(B Microsoft 2008 $BG/(B 7 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2008.07.09)

$B!!M=Dj$I$*$j!V=EMW!W(Bx 4 $B$J$N$G$9$,!"(BDNS $B$M$?!"!V=EMW!W$G$$$$$s$G$9$+(B? $B$H;W$C$A$c$&$s$@$h$M!#(B

MS08-037 - $B=EMW(B: DNS $B$N@H (Microsoft)

Windows 2000 / XP / Server 2003 / Server 2008 $B$K7g4Y!#(B Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning $B$NOC!#(B

MS08-038 - $B=EMW(B: Windows $B%(%/%9%W%m!<%i$N@H (Microsoft)

Windows Vista / Server 2008 $B$K7g4Y!#8!:w%U%)%k%@(B (saved-search $B%U%!%$%k(B; .search-ms $B%U%!%$%k(B) $B$N=hM}$K7g4Y$,$"$j!"96N,(B .search-ms $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2008-1435

$B4XO"(B:

patch $B$N$*$^$15!G=(B:

$B$3$N%;%-%e%j%F%#99?7%W%m%0%i%`$O(B Windows Vista $B$*$h$S(B Windows Server 2008 $B%3%s%T%e!<%?$N<+F0CVE-2008-0951 $B$G@bL@$5$l$F$$$kLdBj$r=$@5$7$^$9!#(B

Vulnerability Note VU#889747 - Windows Vista fails to properly handle the NoDriveTypeAutoRun registry value $B$,D>$C$?$h$&$G!#(B

MS08-039 - $B=EMW(B: Exchange Server $B$N(B Outlook Web Access $B$N@H:3J$,5/$3$k(B (953747) (Microsoft)

Exchange Server 2003 / 2007 $B$N(B Outlook Web Access $B$K(B 2 $B$D$N7g4Y!#(B

  • $BEE;R%a!<%k$N=hM}$K$*$$$F!VEE;R%a!<%k$N%U%#!<%k%I$r==J,$K8!>Z$7$J$$!W$?$a$K(B XSS $B7g4Y$,H/@8!"96N,EE;R%a!<%k$rMQ$$$F%;%C%7%g%s%O%$%8%c%C%/$,2DG=!#(BCVE-2008-2247

  • $BEE;R%a!<%k$N=hM}$K$*$$$F!V(BHTML $B$r==J,$K8!>Z$7$J$$!W$?$a$K(B XSS $B7g4Y$,H/@8!"96N,EE;R%a!<%k$rMQ$$$F%;%C%7%g%s%O%$%8%c%C%/$,2DG=!#(BCVE-2008-2248

MS08-040 - $B=EMW(B: Microsoft SQL Server $B$N@H:3J$5$l$k(B (941203) (Microsoft)

SQL Server 7.0 / 2000 / 2005$B!"(BMSDE 1.0 / 2000$B!"(BSQL Server 2005 Express Edition$B!"(BWindows SQL Server 2000 Desktop Engine (WMSDE)$B!"(BWindows Internal Database (WYukon) $B$K(B 4 $B$D$N7g4Y!#(B

  • $B%a%b%j(B $B%Z!<%8$N:F;HMQ$N@HCVE-2008-0085

  • $BJQ49$N%P%C%U%!(B $B%*!<%P!<%i%s$N@HCVE-2008-0086

  • SQL Server $B$N%a%b%jGKB;$N@HCVE-2008-0107

  • SQL Server $B$N%P%C%U%!(B $B%*!<%P!<%i%s$N@HCVE-2008-0106

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#$?$@$7!"(BWSUS 2.0 $B4D6-$N(B WMSDE $B$K(B MS08-040 patch $B$rE,MQ$9$k>l9g!"<+F099?7$d(B Windows Update $B$G$O$&$^$/E,MQ$G$-$J$$LOMM!#

$B!!4XO"(B:

2008.07.11 $BDI5-(B:

$B!!4XO"(B:

2008.07.14 $BDI5-(B:

$B!!(BWSUS 2.0 $B4D6-$N(B WMSDE $B$K(B MS08-040 patch $B$rE,MQ$9$k>l9g$NOC!"E,MQ$9$Y$-$J$N$OF|K\8lHG(B patch $B$G$O$J$/1Q8lHG(B patch $B$J$N$@$=$&$@!#$d$d$3$7$d!#(B

$B"#(B Microsoft Security Advisory (953635) Vulnerability in Microsoft Word Could Allow Remote Code Execution
(Microsoft, 2008.07.09)

$B!!(BMicrosoft Word 2002 (Word XP) $B$K7g4Y$,$"$j!"96N,(B Word $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2008-2244

$B!!=$@5%W%m%0%i%`$O3+H/Cf!#4XO"(B:

2008.08.13 $BDI5-(B:

$B!!(BMS08-042 - $B=EMW(B: Microsoft Word $B$N@H $B$G=$@5$5$l$?!#(BWord 2002 (XP) $B$@$1$G$J$/(B Word 2003 $B$b=$@5$5$l$F$$$k!#(B

2008.08.14 $BDI5-(B:

$B!!4XO"(B: MS08-042 : Understanding and detecting a specific Word vulnerability (Microsoft Security Vulnerability Research & Defense, 2008.08.12)

$B"#(B Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning
(US-CERT, 2008.07.09)

$B!!J#?t$N(B DNS $B\:Y>pJs$O!"(B2008.08.07 $B$N(B Black Hat conference $B$K$*$$$F(B Dan Kaminsky $B;a$+$iH/I=$5$l$kM=Dj!#(B

  • CVE-2008-1447 - DNS $B%/%(%j$K==J,$J%(%s%H%m%T!<$,$J$$!#(B"DNS Insufficient Socket Entropy Vulnerability"

  • CVE-2008-1454 - $B56$N(B DNS $B%l%9%]%s%9$r

$B!!%Y%s%@!<>pJs(B:

  • ISC - BIND $BA4%P!<%8%g%s$K(B CVE-2008-1447 $B7g4Y!#(BBIND 9.5.0-P1 / 9.4.2-P1 / 9.3.5-P1 $B$G=$@5$5$l$F$$$k$,!"(B10,000 $B%/%(%j(B/$BIC(B $B$r1[$($k4D6-$G$O%Q%U%)!<%^%s%9$NLdBj$,H/@8$9$k!#?7%Y!<%?HG(B (9.5.1b1, 9.4.3b2) $B$G$O7g4Y$N=$@5$K2C$($F%Q%U%)!<%^%s%9$N:GE,2=$,?^$i$l$F$*$j!"1F6A$r7Z8:$G$-$k!#(B http://www.isc.org/sw/bind/bind-security.php $B$r;2>H!#(B

    The patches will have a noticeable impact on the performance of BIND caching resolvers with query rates at or above 10,000 queries per second. The beta releases include optimized code that will reduce the impact in performance to non-significant levels.

    $B$^$?(B ISC $B$O%U%!%$%"%&%)!<%k%]%j%7!<$K4X$9$kCm0U$r8F$S$+$1$F$$$k!#(B

    DNS administrators who operate these servers behind port-restricted firewalls are encouraged to review their firewall policies to allow this protocol-compliant behavior. Restricting the possible use of various UDP ports, for instance at the firewalls, in outgoing queries and the corresponding replies will result in decreased security for the DNS service.

    $B$"$H!"$$$D$b$N$*$3$H$P!#(B

    Again, DNSSEC is the definitive solution to this type of attack. ISC strongly encourages DNS administrators to deploy DNSSEC as soon as possible to fully address this problem. DNS domain owners that want their data to be protected against spoofing to the end-user must sign their zones. ISP and Enterprise DNS administrators who provide caching recursive name servers to their users should enable DNSSEC validation.

    $B$3$s$J$N$b!#(B

    DNSSEC Lookaside Validation (DLV), offered by ISC and others, is another DNSSEC deployment option.

    RFC5074: DNSSEC Lookaside Validation (DLV) $B$H$$$&$b$N$,$"$k$N$G$9$+!#$0$0$C$F$_$?$i!"(BDNSSEC$B$NJY6/(B (7) (yebo blog, 2007.01.18) $B$rH/8+!#(B

  • Noninum - Nominum Security Advisory NOM-20080708$B!#(B Nominum Information for VU#800113 $B$K$h$k$H!"(BCNS 3.0.4.0 $B0J>e(B / Vantio 3.3.1.0 $B0J>e$G(B CVE-2008-1447 $B$KBP1~$7$F$$$kLOMM!#(B

  • Microsoft - Windows 2000 / XP / Server 2003 / Server 2008 $B$K7g4Y!#(B Windows Vista $B$K$O$3$N7g4Y$O$J$$!#(BMS08-037 - $B=EMW(B: DNS $B$N@H (Microsoft) $B$r;2>H!#(B

    patch $B$,MQ0U$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B $B$J$*!"$3$N(B patch $B$rE,MQ$9$k$H!"(BZoneAlerm $B$,IT6q9g$r5/$3$9(B$B$h$&$G$9!#(B

  • Cisco - $B0lIt$N%W%m%@%/%H$K(B CVE-2008-1447 $B7g4Y!#>\:Y$K$D$$$F$O(B Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks $B$r;2>H!#(B

  • Foundry - $B$3$N7g4Y$O$J$$!#(B

  • Juniper - Juniper Networks, Inc. Information for VU#800113 $B$r;2>H!#(B

$B!!4XO"(B:

2008.07.10 $BDI5-(B:

$B!!(BMS08-037 patch $B$G(B ZoneAlarm $B$,IT6q9g$N7o!"(B Workaround to Sudden Loss of Internet Access Problem (ZoneAlarm.com) $B$,8x3+$5$l!"=$@5HG$,G[I[$5$l$F$$$^$9!#1Q8lHG$N$h$&$G$9!#(B

$B!!$^$?2sHrJ}K!$,(B 2 $B

  1. ZoneAlarm $B$N(B [$B%$%s%?!<%M%C%H(B $B%>!<%s(B $B%;%-%e%j%F%#(B] $B%9%i%$%@!<$r(B [$BCf(B] $B$K@_Dj$9$k!#(B

  2. MS08-037 patch (KB951748) $B$r%"%s%$%s%9%H!<%k$9$k!#(B

$B!!$"$H!"DI2C>pJs(B:

2008.07.11 $BDI5-(B:

$B!!(BZoneAlarm $BOC$HF1MM$N$3$H$,(B Check Point Secure Access/Integrity $B%/%i%$%"%s%H$G$bH/@8$7$F$^$7$?OC!#99?7HG$,=P$F$$$^$9!#(B

$B!!$^$?!"(BCheckPoint VPN-1 / UTM-1 / Connectra $B$r;HMQ$7$F$$$k>l9g$O!"(BSmartDefense $B$N(B DNS $B%j%/%(%9%H!&%9%/%i%s%V%k5!G=$rM-8z$K$9$k$3$H$G!"$3$N7g4Y$r2sHr$G$-$k$=$&$G$9!#(B

$B!!$"$H!"(BDNS$B$N@H (Open Tech Press, 2008.07.11) $B$K$h$k$H!"(BKaminsky$B;a$N(BWeb$B%5%$%H(B $B$N(B [Check My DNS] $B%\%?%s$G<+?H$N(B DNS $B%5!<%P$r8!::$G$-$k$=$&$G$9!#(B

2008.07.12 $BDI5-(B:

$B!!$5$i$J$k8!::J}K!!#(Bdig +short porttest.dns-oarc.net TXT $B$r

$B!!(BWindows $B$J?M$O!"(BWindows $BMQ$N(B BIND $B%P%$%J%j(B$B$r;H$&$H$+!#(B

2008.07.18 $BDI5-(B:

$B!!(BBlue Coat $B$N>u67(B: DNS CACHE POISONING VULNERABILITY (CERT VU#800113) (Blue Coat, 2008.07.14)$B!#J#?t$N%W%m%@%/%H$K(B patch $B$,MQ0U$5$l$F$$$^$9!#(B

2008.07.22 $BDI5-(B:

$B!!4XO"(B:

2008.07.23 $BDI5-(B:

$B!!(B$BJ#?t$N(B DNS $B%5!<%P@=IJ$K$*$1$k%-%c%C%7%e%]%$%:%K%s%0$N@H (JPCERT/CC, 2008.07.09) $B$,99?7$5$l$^$7$?!#(B

2008$BG/(B7$B7n(B22$BF|!"Ev=i$NM=Dj$h$jAa$/K\@HpJs$,8m$C$F8x3+$5$l$^$7$?!#$3$N$?$a!"6aF|Cf$KK\@H

2008.07.24 $BDI5-(B:

$B!!4XO"(B:

2008.07.29 $BDI5-(B:

$B!!4XO"(B:

2008.07.30 $BDI5-(B:

$B!!4XO"(B:

2008.07.31 $BDI5-(B:

$B!!4XO"(B:

2008.08.04 $BDI5-(B:

$B!!(BBIND 9.3.5-P2 / 9.4.2-P2 / 9.5.0-P2 $B$,8x3+$5$l$^$7$?!#%Q%U%)!<%^%s%9$,2~A1$5$l$F$$$k$=$&$G$9!#(B

2008.08.06 $BDI5-(B:

$B!!4XO"(B:

2008.08.08 $BDI5-(B:

$B!!4XO"(B:

2008.08.11 $BDI5-(B:

$B!!4XO"(B:

2008.08.14 $BDI5-(B:

$B!!4XO"(B:

2008.08.19 $BDI5-(B:

$B!!4XO"(B:

2008.08.25 $BDI5-(B:

$B!!4XO"(B:

2008.08.27 $BDI5-(B:

$B!!4XO"(B:

  • $B6<0R%l%Y%k(B ($B%H%l%s%I%^%$%/%m(B)$B!#(B2008.08.27 20:45 $B8=:_!"$3$&$J$C$F$$$k!#(B

    $B8=:_$N6<0R%l%Y%k!!!'!!$9$Y$FCf(B

    $BJ#?t$N%"%W%j%1!<%7%g%s$KEO$k1F6A$,A[Dj$5$l$k(BDNS$B%-%c%C%7%e%]%$%:%K%s%0$N@H $B$3$N@HuBV$+!"$^$?4XO"$9$k%;%-%e%j%F%#>pJs$,L5$$$+$43NG'$/$@$5$$!#(B

  • $B%M%C%H$N4IM}%7%9%F%`$K7g4Y(B (NHK, 2008.08.27)$B!#JI$K$+$1$i$l$F$$$k3[1o$N0LCV$,HyL/$K%:%l$F$$$k$N$,$H$F$b5$$K$J$k!"$H8@$C$F$*$1$P!"$C$F$$$k$@$m$&$+!#(B($B@hF|$b5$$K$J$C$?$N$@$,!"8@$$K:$l$?!D!D(B)

2008.09.02 $BDI5-(B:

$B!!4XO"(B:

2008.09.16 $BDI5-(B:

$B!!4XO"(B:

2008.09.18 $BDI5-(B:

$B!!(BDNS$B%-%c%C%7%e%]%$%:%K%s%0$N@H (IPA, 2008.09.18)$B!#LdBj$KBP1~$9$k$?$a$N(B 3 $B$D$N%]%$%s%H$H!"$=$l$i$r3NG'$9$kJ}K!!#(B

2008.10.03 $BDI5-(B:

$B!!4XO"(B:

2008.11.13 $BDI5-(B:

$B!!4XO"(B:

2008.11.23 $BDI5-(B:

$B!!4XO"(B:

2009.12.10 $BDI5-(B:

$B!!(BMS08-037 - $B=EMW(B: DNS $B$N@H (Microsoft) $B$N(B Windows 2000 $BMQ$N(B patch $B$,:F%j%j!<%9$5$l$F$$$k!#(B

$B$3$N%;%-%e%j%F%#>pJs$O(B 2009 $BG/(B 12 $B7n(B 9 $BF|$K$J$<99?7$5$l$?$N$G$9$+(B?
$B%^%$%/%m%=%U%H$O$3$N%;%-%e%j%F%#>pJs$r99?7$7!"(BMicrosoft Windows 2000 Service Pack 4 $B>e$N(B DNS $B%/%i%$%"%s%HMQ$N99?7%W%m%0%i%`(B (KB951748) $B$r:FDs6!$7!"DI2C$N%3!<%I(B $B%Q%9$KHs>o$K%i%s%@%`$J(B DNS $B%H%i%s%6%/%7%g%s(B ID $B$rDs6!$7$^$7$?!#$=$NB>$N(B Windows $B%W%i%C%H%U%)!<%`$H0[$J$j!"(BMicrosoft Windows 2000 $B$G$O(B DNS $B%H%i%s%6%/%7%g%s$K(B 2 $B$D$N%3!<%I%Q%9$,$"$j$^$9!#0JA0$N99?7%W%m%0%i%`$O!"$3$l$i$N%3!<%I(B $B%Q%9$N$&$A(B 1 $B$D$G$N%H%i%s%6%/%7%g%s(B ID $B$N%i%s%@%`2=$N$_$rDs6!$7$F$$$^$7$?!#$3$N99?7%W%m%0%i%`$NDs6!$G!"F1$8%H%i%s%6%/%7%g%s(B ID $B$N%i%s%@%`2=$,(B Microsoft Windows 2000 $B>e$N$b$&0lJ}$N%Q%9$KDs6!$5$l$^$9!#(BMicrosoft Windows 2000 Service Pack 4 (KB951748) $B>e$N(B DNS $B%/%i%$%"%s%HMQ$N99?7%W%m%0%i%`$r0JA0$K%$%s%9%H!<%k$5$l$?$*5RMM$O<+F0E*$K:FDs6!$5$l$k99?7%W%m%0%i%`$r%$%s%9%H!<%k$9$kI,MW$,$"$j$^$9!#$=$NB>$N99?7%W%m%0%i%`$K$D$$$F$O!":#2s$N:F%j%j!<%9$K$h$k1F6A$O$"$j$^$;$s!#(B

$B!!$D$^$j!"$3$l$^$G$NBP1~$OCfESH>C<$@$C$?$H!#(B

2009.12.17 $BDI5-(B:

$B!!$^$?$b$d(B MS08-037 patch $B$NI{:nMQ$M$?!#(B

$B"#(B $B$$$m$$$m(B (2008.07.09)
(various)

$B"#(B 2008.07.08

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (955179) Snapshot Viewer for Microsoft Access $B$N(B ActiveX $B%3%s%H%m!<%k$N@H
(Microsoft, 2008.07.08)

$B!!(BSnapshot Viewer for Microsoft Access $B$K7g4Y!#(Bsnapview.ocx $B$N(B ActiveX $B%3%s%H%m!<%k$K7g4Y$,$"$j!"96N,(B Web $B%Z!<%8$K$h$C$FG$0U$N%3!<%I$rVU#837785$B!"(B CAN-2008-2463$B!#(B

$B!!$3$N%=%U%H$O(B Access 2003 $B0JA0(B (Access 2003, 2002, 2000, 98, $B!D!D(B) $B$KF1:-$5$l$F$$$k!#(B

$B!!=$@5%W%m%0%i%`$O$^$@$J$$!# 

{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}
{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}
{F2175210-368C-11D0-AD81-00A0C90DC8D9}

$B!!(Bkill bit $B@_DjMQ(B .reg $B%U%!%$%k$O(B$B$3$A$i(B$B!#(B

$B!!$3$N%=%U%H$NL>A0$O(B Snapshot Viewer for Microsoft Access $B$J$N$+!"$=$l$H$b(B Microsoft Access Snapshot Viewer $B$J$N$+!"$O$C$-$j$7$FD:$-$?$$!#%^%$%/%m%=%U%H$O$o$+$j$^$7$?$+!#(B

2008.07.18 $BDI5-(B:

$B!!@kEA(B: $B%A%'%C%/!&%]%$%s%H!"(BInternet Explorer $B$N%Q%C%AL$8x3+$N@H (checkpoint, 2008.07.17)$B!#(B

2008.07.29 $BDI5-(B:

$B!!(BMs-Access SnapShot Exploit Snapview.ocx v 10.0.5529.0 (milw0rm)

2008.08.13 $BDI5-(B:

$B!!(BMS08-041 - $B6[5^(B: Microsoft Access Snapshot Viewer $B$N(B ActiveX $B%3%s%H%m!<%k$N@H $B$G=$@5$5$l$?!#$?$@$7!"%9%?%s%I%"%m%sHG$N(B Microsoft Access Snapshot Viewer $B$@$1$O!"$^$@=$@5HG$,MQ0U$5$l$F$$$J$$!#(B

2008.08.14 $BDI5-(B:

$B!!4XO"(B: MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control (Microsoft Security Vulnerability Research & Defense, 2008.08.12)

2008.10.20 $BDI5-(B:

$B!!$h$&$d$/%9%?%s%I%"%m%sHG$N(B Microsoft Access Snapshot Viewer $B$,EP>l!#(B MS08-041 - $B6[5^(B: Microsoft Access Snapshot Viewer $B$N(B ActiveX $B%3%s%H%m!<%k$N@H $B$r;2>H!#(B

$B"#(B 2008.07.07

$B"#(B 2008.07.06

$B"#(B 2008.07.04

$B"#(B Opera 9.51 for Windows Changelog
(Opera, 2008.07.04)

$B!!(BOpera 9.51 $BEP>l!#(B4 $B$D$N7g4Y$,=$@5$5$l$F$$$k!#(B

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2008.07.03)

$B!!(BFreeStyleWiki $B$N(B patch $B$,2~D{$5$l$F$$$^$9!#4XO"(B: $B%;%-%e%j%F%#%Q%C%AE,MQ%(%i!<(B (fswiki.org, 2008.07.03)$B!#$O$;$,$o$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B:G?7HG$N(BAVG$B$K$h$C$F!"%H%i%U%#%C%/$,A}Bg!)(B

$B!!4XO"(B:

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B - 2008 $BG/(B 7 $B7n(B
(Microsoft, 2008.07.04)

$B!!M=Dj$5$l$F$$$k$N$O!"=EMW(B x 4 $B$G$9!#$R$5$7$V$j$K(B SQL Server $B$d(B Exchange Server $B$N7g4Y$,=$@5$5$l$kLOMM$J$N$GCm0U!#(B

$B!!4XO"(B: 2008$BG/(B7$B7n$N%;%-%e%j%F%#%j%j!<%9M=Dj(B ($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2008.07.04)

$B"#(B 2008.07.03

$B"#(B $B$$$m$$$m(B (2008.07.03)
(various)

2008.07.04 $BDI5-(B:

$B!!(BFreeStyleWiki $B$N(B patch $B$,2~D{$5$l$F$$$^$9!#4XO"(B: $B%;%-%e%j%F%#%Q%C%AE,MQ%(%i!<(B (fswiki.org, 2008.07.03)$B!#$O$;$,$o$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $BDI5-(B

Firefox 2.0.0.15 $B%j%j!<%9%N!<%H(B

$B!!(BSeaMonkey 1.1.10 $B$,8x3+$5$l$F$$$^$9!#(B

$B!!(B$B%;%-%e%j%F%#%"%I%P%$%6%j(B$B$,8x3+$5$l$F$$$^$9!#$$$:$l$N7g4Y$b!"(B Firefox 3.0 / 2.0.0.15$B!"(BSeaMonkey 1.1.10 $B$G=$@5$5$l$F$$$^$9!#$*$*$+$o$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2008.07.02

$B"#(B Firefox 2.0.0.15 $B%j%j!<%9%N!<%H(B
(mozilla.jp, 2008.07.01)

$B!!(BFirefox 2 $B$N:G?7HG(B 2.0.0.15 $BEP>l!#(BMFSA 2008-21$B!A(B25$B!"(BMFSA 2008-27$B!A(B33 $B$,=$@5$5$l$F$$$k!D!D$,!"$$$:$l$K$D$$$F$b>\:Y>pJs$,0l@Z8x3+$5$l$F$$$J$$!#(B Firefox 3 $B$K$b3:Ev$9$k$N$+H]$+!"$K$D$$$F$bITL@!#(B

2008.07.03 $BDI5-(B:

$B!!(BSeaMonkey 1.1.10 $B$,8x3+$5$l$F$$$^$9!#(B

$B!!(B$B%;%-%e%j%F%#%"%I%P%$%6%j(B$B$,8x3+$5$l$F$$$^$9!#$$$:$l$N7g4Y$b!"(B Firefox 3.0 / 2.0.0.15$B!"(BSeaMonkey 1.1.10 $B$G=$@5$5$l$F$$$^$9!#$*$*$+$o$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B About the security content of Security Update 2008-004 and Mac OS X 10.5.4
(Apple, 2008.07.01)

$B!!(BSecurity Update 2008-004 / Mac OS X v10.5.4 $BEP>l!#(B

$B"#(B About the security content of Safari 3.1.2 for Mac OS X 10.4.11
(Apple, 2008.07.01)

$B!!(BMac OS X 10.4.11 $BMQ$N(B Safari 3.1.2$B!#(BCVE-2008-2307 $B$,=$@5$5$l$F$$$k(B ($B>e5-;2>H(B)$B!#(B $B$J$*!"(BMac OS X 10.5.x $BMQ$N(B Safari 3.1.2 $B$O(B Mac OS X v10.5.4 $B$K4^$^$l$F$$$k!#(B

$B"#(B 2008.07.01

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (954960) Microsoft Windows Server Update Services (WSUS) $B$K$h$k%;%-%e%j%F%#99?7%W%m%0%i%`$NE83+$,%V%m%C%/$5$l$k(B
(Microsoft, 2008.07.01)

$B!!(BWSUS 3.0 / 3.0 SP1 $B$K$*$$$F!"%+%?%m%0$K=EJ#%(%s%H%j$,H/@8$7!"$3$l$K$h$C$FF14|$K<:GT$9$k$3$H$,$"$kLOMM!#=EJ#$,H/@8$7$F$$$k%U%!%$%k$O(B Office 2003 Service Pack 1 $B$N$h$&$G!"(BWSUS 3 $B$N\:Y$O(B 954960 $B$r;2>H!#(B

$B!!4XO"(B:

2008.07.10 $BDI5-(B:

$B!!(BAdvisory $B$,2~D{$5$l$?!#$3$NLdBj$r2r7h$9$k$?$a$N=$@5%W%m%0%i%`$,MQ0U$5$l$?$=$&$@!#(BSome computers do not receive updates from the WSUS server (Microsoft KB954960) $B;2>H!#(B

2008.07.14 $BDI5-(B:

$B!!(BWindows 2008 $B>e$G>e5-=$@5%W%m%0%i%`$rE,MQ$9$k$K$O!"%(%/%9%W%m!<%i$+$i1&%/%j%C%/$7$F(B [$B4IM}

$B!!$^$?!"$3$N=$@5%W%m%0%i%`$O%"%s%$%s%9%H!<%k$G$-$J$$$=$&$@!#(B

2008.08.13 $BDI5-(B:

$B!!2~D{HG$N=$@5%W%m%0%i%`$,(B Microsoft Update $B$GF~

2008.08.14 $BDI5-(B:

$B!!(BWSUS $B%"%I%P%$%6%j(B 954960 $B$K$D$$$F(B (Japan WSUS Support Team Blog, 2008.08.13)

$B"#(B $BDI5-(B

APSB08-15 - Security Update available for Adobe Reader and Acrobat 8.1.2

$B!!F|K\8lHG%"%I%P%$%6%jEP>l(B: APSB08-15 - Adobe Reader/Acrobat 8.1.2$B$K4X$9$k%;%-%e%j%F%#%"%C%W%G!<%H8x3+(B (Adobe)

$B!!$"$H!"%@%&%s%m!<%I@h(B:

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (954462) $B%f!<%6!<(B $B%G!<%?F~NO$NL$8!>Z$r0-MQ$7$?(B SQL $B%$%s%8%'%/%7%g%s967b$NA}2C(B

$B!!4XO"(B: New tools to block and eradicate SQL injection (Security Vulnerability Research & Defense, 2008.06.24)

IE $B$KJ#?t$N7g4Y(B

$B!!4XO"(B:

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B