本記事は、Security Research & Defense のブログ “Assessing risk for the December 2013 security updates” (2013 年 12 月 10 日公開) を翻訳した記事です。

本日、24 件の CVE を解決する 11 件のセキュリティ情報をリリースしました。セキュリティ情報の内、5 件は最大深刻度が「緊急」、そして 6 件が「重要」でした。お客様の環境に最適な更新プログラムの適用優先順位の決定が行えるよう、以下の表をご活用ください。

 

セキュリティ情報

最も起こりうる攻撃ベクター

セキュリティ情報最大深刻度

最大悪用可能性指標

公開 30 日以内の影響

プラットフォーム緩和策、および特記事項

MS13-096

(GDI+ TIFF%u89e3%u6790)

被害者が悪意のある Office ドキュメントを開く。

緊急

1

CVE-2013-3906 を使用した Office ドキュメントへの攻撃が続く可能性があります。

セキュリティ アドバイザリ 2896666 で初めて解説された脆弱性を解決します。これらの攻撃に関する詳細情報は 11 月の SRD ブログ投稿にて説明されています。

MS13-097

(Internet Explorer)

被害者が悪意のある Web ページを閲覧する。

緊急

1

30 日以内に悪用コードが作成される可能性があります。

5 件の「リモートでコードが実行される」、および 2 件の「特権の昇格」の脆弱性を解決します。「特権の昇格」の脆弱性は、攻撃者が、既にコード実行を達成した環境内で、その後、Internet Explorer 保護モードから昇格するために利用される可能性があります。

MS13-099

(VBScript)

被害者が悪意のある Web ページを閲覧する。

緊急

1

30 日以内に悪用コードが作成される可能性があります。

直接的には、ブラウザー内の脆弱性ではありません。ただし、Scripting.Dictionary ActiveX コントロールは事前承認のリストにあるので、すぐにロード可能です。

MS13-105

(Exchange)

攻撃者が、悪意のある添付ファイル付きの電子メールを送り、被害者がその添付ファイルを Outlook Web Access 内の Web ページとして閲覧するよう誘導する。攻撃者は、Web ページを作成することで、サーバー側のプロセスを危険にさらす可能性がある。

緊急

1

30 日以内に悪用コードが作成される可能性があります。

2013 年 10 月のセキュリティ更新プログラムに掲載されている Oracle Outside In の問題を解決します: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html (英語情報)

MS13-098

(Authenticode)

ユーザーが信頼済みのサードパーティーが署名した悪意のあるインストーラーを実行/ダブルクリックすることで、被害者のコンピューターが感染し、それに続いて、悪意のある実行ファイルをダウンロードするように攻撃者から警告される。

緊急

1

30 日以内に限定的な標的型攻撃が継続する可能性があります。

この問題は、初めに悪意のあるバイナリを実行することを選択したユーザーに依存しています。この問題に関する詳細情報、および、追加の強化策についてはこちらをご参照ください: http://blogs.technet.com/b/srd/archive/2013/12/10/ms13-098-update-to-enhance-the-security-of-authenticode.aspx (英語情報)

MS13-100

(SharePoint)

脆弱性のある SharePoint サーバーを認証できる攻撃者は、不正確に逆シリアル化されたデータ blob を送る。結果、サーバー側でコード実行が起こりえる。

重要

1

30 日以内に悪用コードが作成される可能性があります。

攻撃が成功した場合、認証ユーザーが SharePoint サイト上の W3WP サービス アカウントに昇格されます。

MS13-101

(カーネル モード ドライバー)

特権の低い状態でコードを実行している攻撃者は、SYSTEM に昇格するために悪用バイナリを実行する。

重要

1

30 日以内に悪用コードが作成される可能性があります。

主に、win32k.sys ローカルの特権の昇格の脆弱性を解決します。フォントの問題も解決していますが、サービス拒否のみでコード実行は起こっていません。

MS13-102

(LPC)

Windows XP、あるいは Windows Server 2003 上で、特権の低い状態でコードを実行している攻撃者は、SYSTEM に昇格するために悪用バイナリを実行する。

重要

1

30 日以内に悪用コードが作成される可能性があります。

Windows Vista、もしくはそれ以降の Windows のバージョンには影響を与えません。

MS13-106

(hxds.dll ASLR バイパス緩和)

攻撃者はこの脆弱性を、システムを危険にさらすために、(別の) コード実行の脆弱性と組み合わせる。

重要

なし

この問題は、実環境でのブラウザー ベースの攻撃において悪用コンポーネントとして使用されます。

この脆弱性は直接的にはコード実行はもたらしません。ただし、攻撃者が ASLR をバイパスするために利用するコンポーネントではあります。このセキュリティ更新プログラムを適用することで、更新プログラムがコード実行の脆弱性に適用されない場合においても、多数の実環境での悪用を阻止します。

MS13-104

(Office)

攻撃者が、被害者に対し悪意のあるサーバーへのリンクを送信する。被害者がリンクをクリックした場合、ユーザー トークンが悪意のあるサーバーにキャプチャーされるような方法で、ブラウザーが被害者の代わりに Microsoft Office 365 サーバーにリクエストを送る。その結果、悪意のあるサーバーのオーナーが、被害者であるユーザーがログインしていたのと同じ方法で SharePoint オンラインにログインできるようになる。

重要

なし

この問題は、Adallom がこの脆弱性を使用する標的型攻撃を検出し、マイクロソフトに報告されました。

Office 365 SharePoint オンライン マルチテナント型のサービスにアクセスするために、Office 2013 を利用するお客様に影響を与えます。

MS13-103

(SignalR)

攻撃者が、イントラネット Visual Studio Team Foundation Server (TFS) 上のクロスサイト スクリプティング (XSS) の脆弱性を悪用するリンクをアクセス権を持つ被害者宛に送る。被害者がリンクをクリックすると、TFS サーバー上で被害者の代わりに、本来は実行したくないであろう自動アクションが実行される。

重要

1

30 日以内に悪用コードが作成される可能性があります。

 

 

ジョナサン・ネス、MSRC エンジニアリング

 


Blog Post by: JSECTEAM