[ °ø Áö ] Intel Æß¿þ¾î Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2017-11-23

¾È³çÇϽʴϱî. È£½ºÆ®¸ÕÆ®ÀÔ´Ï´Ù.

¸ÕÀú È£½ºÆ®¸ÕÆ®¸¦ ¾Æ²¸ÁÖ½Ã°í »ç¶ûÇØ Áֽô °í°´ ¿©·¯ºÐ²²  Áø½ÉÀ¸·Î °¨»çµå¸®¸ç

Intel Æß¿þ¾î Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í°¡ ÀÖ¾î À̸¦ ¾Ë·Áµå¸®°íÀÚ ÇÕ´Ï´Ù.

---------------------------------------------------------------------------

¡à °³¿ä
o IntelÞä´Â ÀÚ»ç Á¦Ç°¿¡¼­ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥ [1]
  o ¿µÇâ ¹Þ´Â ¹öÀü »ç¿ëÀÚ´Â ÇØ°á¹æ¾È¿¡ µû¶ó ÃֽŹöÀüÀ¸·Î ¾÷µ¥ÀÌÆ® ±Ç°í

¡à ³»¿ë
o ÀÎÅÚ¢ç °ü¸® ¿£Áø(Intel¢ç ME)
    - Ä¿³Î¿¡¼­ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5705)
    - Ä¿³Î¿¡¼­ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2017-5708)
    - AMT¿¡¼­ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5711, CVE-2017-5712)
       ¡Ø AMT (Active Management Technology) : ¿ø°Ý À¯Áöº¸¼ö ¹× ¹«¼± °ü¸® µîÀ» ¼öÇàÇÏ´Â ±â¼ú
o ÀÎÅÚ¢ç ¼­¹ö Ç÷§Æû ¼­ºñ½º(Intel¢ç SPS)
    - Ä¿³Î¿¡¼­ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5706)
    - Ä¿³Î¿¡¼­ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2017-5709)
  o ÀÎÅÚ¢ç ½Å·Ú ½ÇÇà ¿£Áø(Intel¢ç TXE)
    - Ä¿³Î¿¡¼­ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5707)
    - Ä¿³Î¿¡¼­ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡ (CVE-2017-5710)
  
¡à ¿µÇâÀ» ¹Þ´Â Á¦Ç° ¹× ¹öÀü
o Âü°í»çÀÌÆ®[1] ¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯À» ÅëÇØ Ãë¾àÇÑ Á¦Ç° È®ÀÎ

¡à ÇØ°á ¹æ¾È
o Intel ME, TXE, SPS »ç¿ëÀÚ´Â ÀÎÅÚ °Ë»ö µµ±¸( Âü°í»çÀÌÆ® [2])¸¦ »ç¿ëÇÏ¿© ÇØ´ç Ãë¾àÁ¡¿¡ Ãë¾àÇÑÁö È®ÀÎ ÈÄ ¾÷µ¥ÀÌÆ® ¼öÇà
o º¸¾È ¾÷µ¥ÀÌÆ®°¡ °ø°³µÈ ¿î¿µÃ¼Á¦¸¦ ¿î¿µÇÏ°í ÀÖÀ» °æ¿ì, Âü°í »çÀÌÆ®[]ÀÇ ³»¿ëÀ» ÂüÁ¶ÇÏ¿© º¸¾È ¾÷µ¥ÀÌÆ® È®ÀÎ ¹× ¼³Ä¡
   - Acer[3]
    - Dell Client[4]
    - Dell Server[5]
    - Fujitsu[6]
    - HPE Servers[7]
    - Lenovo[8]
    - Panasonic[9]

¡à ±âŸ ¹®ÀÇ»çÇ×
o Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118

[Âü°í»çÀÌÆ®]
  [1] https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr&_ga=2.147127473.74753197.1511420584-1413380157.1511420584
  [2] https://downloadcenter.intel.com/download/27150
  [3] https://us.answers.acer.com/app/answers/detail/a_id/51890
  [4] http://www.dell.com/support/article/kr/ko/krdhs1/sln308237/dell-client-statement-on-intel-me-txe-advisory--intel-sa-00086-?lang=en
  [5] http://www.dell.com/support/article/kr/ko/krdhs1/qna44242/dell-server-statement-on-intel-me-txe-advisory--intel-sa-00086-?lang=en
  [6] http://www.fujitsu.com/global/support/products/software/security/products-f/itsa-00086e.html
  [7] https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00036596en_us
  [8] https://support.lenovo.com/kr/ko/product_security/len-17297
  [9] http://pc-dl.panasonic.co.jp/itn/info/osinfo20171121.html
  

---------------------------------------------------------------------------

                    Áñ°Å¿òÀÌ Àִ ȣ½ºÆà ¼­ºñ½º  [ È£½ºÆ®¸ÕÆ® ]