$B%;%-%e%j%F%#%[!<%k(B memo

Last modified: Wed Nov 18 01:05:24 2009 +0900 (JST)

$B!!(BSecurity Watch $B$5$s$,E9$8$^$$$5$l$F$7$^$C$?$N$G!"(B $B8D?M$GDI$$$+$1$F$_$k%F%9%H$G$9!#(B $BHwK:O?$H$7$F=q$$$F$*$/$D$b$j$J$N$G!"(B Security Watch $B$5$s$N$h$&$J>\:Y$J$b$N$G$O$"$j$^$;$s!#(B $B4pK\E*$J%?!<%2%C%H$O(B UNIX$B!"(BWindows$B!"(BMac OS (priority $B=g(B) $B$H$7$^$9!#(B $B$^$?!"$3$N%Z!<%8$NFbMF$O$I$N%Z!<%8$K$bA}$7$FL5J]>Z$G$"$k$3$H$r@k8@$7$F$*$-$^$9!#A4$F$N>pJs$,=8$^$C$F$$$k$o$1$b$"$j$^$;$s!#(B

$B!!$3$3$K:\$;$k>pJs$K$D$$$F$O!"2DG=$J8B$j(B 1 $BpJs8;$X$N%j%s%/$r:n@.$7$F$*$-$^$9!#(B $B3F<+$G(B 1 $BpJs8;$NFbMF$r3NG'$7$F$/$@$5$$!#(B $B$3$N%Z!<%8$NFbMF$r$/$l$0$l$b1-0{$_$K$7$J$$$h$&$K!#(B $B4V0c$$$rH/8+$5$l$?J}!"5-:\$5$l$F$$$J$$>pJs$r$4B8CN$NJ}!"$<$R(B$B$*$7$($F$/$@$5$$(B$B!#$h$m$7$/$*4j$$$$$?$7$^$9!#(B

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B!!(B[ $BDjHV>pJs8;(B ] $B!!2a5n$N5-;v(B: 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[SCAN Security Wire NP Prize 2001]

$B!V(BScan Security Wire$B!W(B $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B!V%M%C%H%i%s%J!o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B

www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B27$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$B%j%G%k!&%O!<%H!V(B$B@oN,O@!!4V@\E*%"%W%m!<%A(B$B!W(B ($BI|4)7hDj(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B103$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B166$BI<(B)

RSS $B$KBP1~$7$F$_$^$7$?!#(B $B>.%M%?$O4^$^$l$F$$$^$;$s!#!V@/<#$M$?%&%<%'!W$H$$$&?M$O(B RSS $B%Y!<%9$GFI$`$H9,$;$K$J$l$k$G$7$g$&(B ($B%&%6$/$J$$?M$O(B $B$3$C$A$N(B RSS $B$,$h$$$+$b$7$l$^$;$s(B)$B!#(B RSS 1.0 $B$G$9$N$G!"$"$/$^$G(B RDF Site Summary $B$G$9!#(B $B8=:_$O(B Really Simple Syndication $B$K$OBP1~$7$F$$$^$;$s!#(B
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

$B"#(B 2009.11.17

$B"#(B $BDI5-(B

$B652J=q$K:\$i$J$$(BWeb$B%"%W%j%1!<%7%g%s%;%-%e%j%F%#(B

$B!!4XO"(B: Firefox 2.0.0.20 $B$K$*$1$k(BinnerHTML$B$NITHw(B (hoshikuzu | star_dust $B$N=q:X(B, 2009.11.17)

$B"((B2009/2/27$B$K!N$3$l$O$R$I$$!O(BIE$B$N0zMQId$N2r/$7Aa$$%?%$%_%s%0$G$"$l$P!"(BOpera$B$d(BFirefox$B$G$NN`;w%P%0$,B8:_$7$F$$$?$3$H$H$J$j$^$9!#$A$J$_$K!"(BOpera$B$NJ}$,@h$K=$@5$5$l$F$$$?$N$G$9$M!#(B(;-p)

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!(B$B!V(BGumblar$B!W9s;w%&%$%k%9Ho323HBg!"9qFb(B1250$B%5%$%H0J>e2~$6$s(B (Internet Watch, 2009.11.17)

$B%5%s%7%c%$%sKR>l(B $B%"%$%F%`2]6b(B

$B!!(B$B%5%s%7%c%$%sKR>l$N(BRekoo$BF|K\K!?M@_N)$G!">pJsO31L$N7o$NOC(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2009.11.16)

$B"#(B 2009.11.16

$B"#(B $B$$$m$$$m(B (2009.11.16)
(various)

$B"#(B $BDI5-(B

APSB09-15: Security Advisory for Adobe Reader and Acrobat

$B!!(BAdobe Reader$B!"5Z$S!"(BAcrobat$B$N@HZ%l%]!<%H(B (NTT $B%G!<%?!&%;%-%e%j%F%#(B, 2009.11.09)

Microsoft 2009 $BG/(B 11 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!8E$$(B ATI Radeon HD 2400 $B%I%i%$%P$N7o4XO"(B: MS09-065(KB969947)$B$G(BDELL OPTIPLEX 740$B$,;`K4(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2009.11.11)

$B!!(BWin32k $B$N(B EOT $B2r@O$N@HCVE-2009-2514 $B$N7o4XO"(B: Windows$B$N(BEmbedded OpenType$B=hM}$N@HZ%l%]!<%H(B (NTT $B%G!<%?!&%;%-%e%j%F%#(B, 2009.11.16)

Windows 7 / Windows Server 2008 R2 Remote SMB Exploit

$B!!(BWindows$B$N(BSMB$B!J(BKeAccumulateTicks$B4X?t!K$N(BDoS$B967b$N@HZ%l%]!<%H(B (NTT $B%G!<%?!&%;%-%e%j%F%#(B, 2009.11.16)

$B!V(BOAuth$B!W%W%m%H%3%k$K@H

$B!!%W%m%H%3%k%P!<%8%g%s(B 1.0a $B$GD>$C$?$_$?$$!#(B

$B"#(B $B%"%C%W%k$O$J$<(BWindows$B$N(BAutoRun$B$K43>D$7$h$&$H$9$k$N$+(B
(ZDNet, 2009.11.16)

$B!!(BApple $B$G$9$+$i!#(B

Apple$B$,(BAutoRun$B$N4m81$rM}2r$9$k$N$K$b!"(B5$BG/!"(B10$BG/!"$"$k$$$O(B25$BG/$+$+$k$N$@$m$&$+!)(B

$B!!(B25 $BG/$?$C$F$b$o$+$i$J$$!"$K(B 1 $BI

$B"#(B 2009.11.15

$B"#(B $BDI5-(B

Renegotiating TLS

$B!!(BTLS and SSLv3 vulnerabilities explained (g-sec.lu)

$B"#(B WordPress 2.8.6 Security Release
(WordPress.org, 2009.11.12)

$B!!(BXSS $B7g4Y$H(B [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrar y PHP Code Execution $B$N7o$,=$@5$5$l$F$$$k$=$&$G!#(B

$B"#(B 2009.11.14

$B"#(B $BDI5-(B

Windows 7 / Windows Server 2008 R2 Remote SMB Exploit

$B!!(BSA $B=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (977544) SMB $B$N@H (Microsoft, 2009.11.14)$B!#2sHr:v$H$7$F$O!"(B139/tcp $B$*$h$S(B 445/tcp $B$r%V%m%C%/$9$k$7$+$J$$$=$&$G$9!#(B

$B"#(B 2009.11.13

$B"#(B Windows 7 / Windows Server 2008 R2 Remote SMB Exploit
(SANS ISC, 2009.11.12)

$B!!(B[Full-disclosure] Windows 7 , Server 2008R2 Remote Kernel Crash (laurent gaffie, 2009.11.11) $B$N7o!#(BWindows 7 / Windows Server 2008 R2 $B$N(B SMB $B%/%i%$%"%s%HCVE-2009-3676

2009.11.14 $BDI5-(B:

$B!!(BSA $B=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (977544) SMB $B$N@H (Microsoft, 2009.11.14)$B!#2sHr:v$H$7$F$O!"(B139/tcp $B$*$h$S(B 445/tcp $B$r%V%m%C%/$9$k$7$+$J$$$=$&$G$9!#(B

2009.11.16 $BDI5-(B:

$B!!(BWindows$B$N(BSMB$B!J(BKeAccumulateTicks$B4X?t!K$N(BDoS$B967b$N@HZ%l%]!<%H(B (NTT $B%G!<%?!&%;%-%e%j%F%#(B, 2009.11.16)

$B"#(B $BDI5-(B

Microsoft 2009 $BG/(B 3 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS09-006 patch $B$K$OI{:nMQ$,$"$j!"(BHotFix $B$,MQ0U$5$l$F$$$kLOMM!#(B

Renegotiating TLS

$B!!(BStealing Cookies with SSL Renegotiation (IBM ISS, 2009.11.12)

Stable Channel Update: Google Chrome 3.0.195.32

$B!!(BGoogle Chrome 3.0.195.33 $BEP>l!#(B3.0.195.32 $B$K$O!"5/F0$K<:GT$9$kIT6q9g$,$"$C$?LOMM!#(B

$B!!%;%-%e%j%F%#=$@5$b4^$^$l$F$$$k!#(BCVE-2009-2816

Microsoft 2009 $BG/(B 11 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS09-065 patch + $B8E$$(B ATI Radeon HD 2400 $B%I%i%$%P$GIT6q9gH/@8$@$=$&$G!#(B

$B!!BP1~$9$k$K$O!"(Bsafe mode $B$G5/F0$7$F(B MS09-065 patch $B$r0lC6%"%s%$%s%9%H!<%k!"(B $B:F5/F0$7$F(B Radeon $B%I%i%$%P$r99?7!"$=$N8e(B MS09-065 patch $B$r:F%$%s%9%H!<%k!#(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!(BThe Gumblar system (viruslist.com, 2009.11.11)$B!#?7(B Gumblar $B$N9=B$2r@O!#(B

Why is Gumblar so widespread? The answer is quite simple: it's a fully automated system. It's a new generation of self-building botnets.

$B"#(B 2009.11.12

$B"#(B Microsoft 2009 $BG/(B 11 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2009.11.11)

MS09-063 - $B6[5^(B: Web Services on Devices API $B$N@H

$B!!(BWindows Vista / Server 2008 $B$K7g4Y!#(BWeb Services on Devices API (WSDAPI) $B$K$*$$$F!"(BWSD $B%a%C%;!<%8$NFCDj$N%X%C%@$N=hM}$K7g4Y$,$"$j!"G$0U$N%3!<%I$rCVE-2009-2512

$B!!(BExploitability Index: 2

MS09-064 - $B6[5^(B: $B%i%$%;%s%9(B $B%m%0(B $B%5!<%P!<$N@H

$B!!(BWindows 2000 Server $B$K7g4Y!#(BMicrosoft $B%i%$%;%s%9(B $B%m%0(B $B%5!<%P!<$K7g4Y$,$"$j!"96N,(B RPC $B%a%C%;!<%8$K$h$C$FG$0U$N%3!<%I$r CVE-2009-2523

$B!!(BExploitability Index: 2

MS09-065 - $B6[5^(B: Windows $B%+!<%M%k(B $B%b!<%I(B $B%I%i%$%P!<$N@H

$B!!(BWindows 2000 / XP / Server 2003 / Vista / Server 2008 $B$K7g4Y!#(B Windows Kernel $B$K(B 3 $B$D$N7g4Y$,$"$k!#(B

  • Win32k $B$N(B NULL $B%]%$%s%?!<5U;2>H$N@HCVE-2009-1127

    Exploitability Index: 2

  • Win32k $B$N%G!<%?$NIT==J,$J8!>Z$N@HCVE-2009-2513

    GDI $B$N%+!<%M%k(B $B%3%s%]!<%M%s%H$r2p$7$?%f!<%6F~NO$N8!>Z$K7g4Y$,$"$j!"(B $BG$0U$N%3!<%I$r

  • Win32k $B$N(B EOT $B2r@O$N@HCVE-2009-2514

    $B96N,(B Embedded OpenType (EOT) $B%U%)%s%H$G%l%s%@%j%s%0$5$l$?%Z!<%8$rI=<($9$k$HG$0U$N%3!<%I$,

MS09-066 - $B=EMW(B: Active Directory $B$N@H

$B!!(BWindows 2000 Server / XP / Server 2003 / Server 2008 $B$K7g4Y!#(B Active Directory / Active Directory Application Mode (ADAM) / Active Directory Lightweight Directory Services (AD LDS) $B$K7g4Y$,$"$j!"(B $BFCDj$N(B LDAP / LDAPS $B%j%/%(%9%H$K$h$C$F(B stack $B$,>CHq$5$l$k$?$a!"(BDoS $B967b$,@.N)!#(BCVE-2009-1928

$B!!(BExploitability Index: 3

MS09-067 - $B=EMW(B: Microsoft Office Excel $B$N@H

$B!!(BExcel 2002 / 2003 / 2007$B!"(BOffice 2004 / 2008 for Mac$B!"(B Open XML File Format Converter for Mac$B!"(BExcel Viewer$B!"(B Word/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/(B $B$K(B 8 $B$D$N7g4Y!#(B

  • Excel $B$N%-%c%C%7%e(B $B%a%b%jGKB;$N@HCVE-2009-3127

    $B$3$N967b$O(B Microsoft Office Isolated Conversion Environment (MOICE) $B$rMxMQ$9$k$3$H$G2sHr$G$-$k!#(B Exploitability Index: 2

  • Excel $B$N(B SxView $B%a%b%jGKB;$N@HCVE-2009-3128

    $B$3$N967b$O(B Microsoft Office Isolated Conversion Environment (MOICE) $B$rMxMQ$9$k$3$H$G2sHr$G$-$k!#(B Exploitability Index: 2

  • Excel $B$N(B Featheader $B%l%3!<%I(B $B%a%b%jGKB;$N@HCVE-2009-3129

    $B$3$N967b$O(B Microsoft Office Isolated Conversion Environment (MOICE) $B$rMxMQ$9$k$3$H$G2sHr$G$-$k!#(B Exploitability Index: 1

    $B4XO"(B: Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability (iDefense, 2009.11.10)

  • Excel $B$N%I%-%e%a%s%H2r@O$N%R!<%W(B $B%*!<%P!<%U%m!<$N@HCVE-2009-3130

    Exploitability Index: 1

  • Excel $B$N<02r@O$N%a%b%jGKB;$N@HCVE-2009-3131

    Exploitability Index: 1

  • Excel $B$N%$%s%G%C%/%92r@O$N@HCVE-2009-3132

    Exploitability Index: 2

  • Excel $B$N%I%-%e%a%s%H2r@O$N%a%b%jGKB;$N@HCVE-2009-3133

    Exploitability Index: 2

  • Excel $B$N%U%#!<%k%I$N%5%K%?%$%:$N@HCVE-2009-3134

    $B$3$N967b$O(B Microsoft Office Isolated Conversion Environment (MOICE) $B$rMxMQ$9$k$3$H$G2sHr$G$-$k!#(B Exploitability Index: 2

MS09-068 - $B=EMW(B: Microsoft Office Word $B$N@H

$B!!(BWord 2002 / 2003$B!"(BOffice 2004 / 2008 for Mac$B!"(BOpen XML File Format Converter for Mac$B!"(BWord Viewer $B$K7g4Y!#(B $B96N,(B Word $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$,CVE-2009-3135$B!"(B Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability (iDefense, 2009.11.10)

$B!!(BExploitability Index: 1

2009.11.13 $BDI5-(B:

$B!!(BMS09-065 patch + $B8E$$(B ATI Radeon HD 2400 $B%I%i%$%P$GIT6q9gH/@8$@$=$&$G!#(B

$B!!BP1~$9$k$K$O!"(Bsafe mode $B$G5/F0$7$F(B MS09-065 patch $B$r0lC6%"%s%$%s%9%H!<%k!"(B $B:F5/F0$7$F(B Radeon $B%I%i%$%P$r99?7!"$=$N8e(B MS09-065 patch $B$r:F%$%s%9%H!<%k!#(B

2009.11.16 $BDI5-(B:

$B!!8E$$(B ATI Radeon HD 2400 $B%I%i%$%P$N7o4XO"(B: MS09-065(KB969947)$B$G(BDELL OPTIPLEX 740$B$,;`K4(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2009.11.11)

$B!!(BWin32k $B$N(B EOT $B2r@O$N@HCVE-2009-2514 $B$N7o4XO"(B: Windows$B$N(BEmbedded OpenType$B=hM}$N@HZ%l%]!<%H(B (NTT $B%G!<%?!&%;%-%e%j%F%#(B, 2009.11.16)

$B"#(B $BDI5-(B

$B%;%-%e%j%F%#%"%C%W%G!<%H(B 2009-006 / Mac OS X v10.6.2 $B$K$D$$$F(B

$B!!(BMac OS X v10.6.2 $B$G$O(B POP $BJ}LL$K;EMMJQ99$,$"$k$=$&$G(B: Mac OS X v10.6: 10.6.2 $B$K%"%C%W%G!<%H$9$k$H(B POP $B%a!<%k$r (Apple, 2009.11.09)$B!#!VG'>Z<:GT;~$K$O!"JL$NG'>ZJ}<0$r<+F0$G;n$9!W$H$$$&%"%l$J!V5!G=!W$,:o=|$5$l$?$?$a!"$3$l$KMj$C$F$$$??M$,%"%o%o$K$J$kOC!#(B $B$V$C$A$c$1<+6H<+F@$J$N$G$9$,!"$3$l$K$R$C$+$+$k$h$&$J?M$O<+6H<+F@$@$H$OG

$B"#(B About the security content of Safari 4.0.4
(Apple, 2009.11.11)

$B!!(BSafari 4.0.4 $BEP>l!#J#?t$N7g4Y$,=$@5$5$l$F$$$k!#(B

$B%3%s%]!<%M%s%H(B CVE $BBP>](B OS $B35MW(B
ColorSync CVE-2009-2804 Windows $B96N,2hA|$K$h$kG$0U$N%3!<%I$N
libxml CVE-2009-2414 CVE-2009-2416 Windows, Mac DoS
Safari CVE-2009-2842 Windows, Mac $B>pJsO31L(B
WebKit CVE-2009-2816 Windows, Mac Cross-Site Request Forgery
WebKit CVE-2009-3384 Windows $B96N,(B FTP $B%5!<%P$K$h$kG$0U$N%3!<%I$N
WebKit CVE-2009-2841 Windows, Mac HTML 5 Media Element $B$r;H$&$H!"2hA|$NFI$_9~$_$rL58z$K@_Dj$7$F$$$F$b(B remote $B$N2;3Z!&%S%G%*%U%!%$%k$,FI$_9~$^$l$F$7$^$&(B

$B"#(B $B$$$m$$$m(B (2009.11.12)
(various)

$B"#(B 2009.11.11

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2009.10.09)

$B!!(BZen Cart $B$N7o(B: EC$B%5%$%H%=%U%H%&%'%"$O$J$<99?7$5$l$J$$$N$+(B (@IT, 2009.11.09)

$B"#(B APSB09-17: Workaround available for potential Photoshop Elements privilege escalation issue
(Adobe, 2009.11.10)

$B!!(BAdobe Photoshop Elements 7.0 / 8.0 $B$K7g4Y!#(B AdobeActiveFileMonitor $B%5!<%S%9$N(B DACL $B@_Dj$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=!#(B CVE-2009-3489

$B!!(Bsc sdset $B%3%^%s%I$r;H$C$F%5!<%S%9$N(B DACL $B$r@_Dj$9$k$3$H$GBP1~$G$-$k!#@_Dj$9$Y$-FbMF$O(B Bulletin $B$K<($5$l$F$$$k!#(B

$B"#(B 2009.11.10

$B"#(B $B%;%-%e%j%F%#%"%C%W%G!<%H(B 2009-006 / Mac OS X v10.6.2 $B$K$D$$$F(B
(Apple, 2009.11.09)

$B!!(BMac OS X 10.5.8 $BMQ(B patch $B$*$h$S(B Mac OS X 10.6.2 $BEP>l!#(B $B$I$&$d$i(B Mac OS X 10.4.x $B$N%5%]!<%H$O=*N;$7$?$h$&$G$9!#(B $B$"$$$+$o$i$:%5%]!<%H%]%j%7!<$,$h$/$o$+$i$J$$!#(B

2009.11.12 $BDI5-(B:

$B!!(BMac OS X v10.6.2 $B$G$O(B POP $BJ}LL$K;EMMJQ99$,$"$k$=$&$G(B: Mac OS X v10.6$B!'(B10.6.2 $B$K%"%C%W%G!<%H$9$k$H(B POP $B%a!<%k$r (Apple, 2009.11.09)$B!#!VG'>Z<:GT;~$K$O!"JL$NG'>ZJ}<0$r<+F0$G;n$9!W$H$$$&%"%l$J!V5!G=!W$,:o=|$5$l$?$?$a!"$3$l$KMj$C$F$$$??M$,%"%o%o$K$J$kOC!#(B $B$V$C$A$c$1<+6H<+F@$J$N$G$9$,!"$3$l$K$R$C$+$+$k$h$&$J?M$O<+6H<+F@$@$H$OG

$B"#(B 2009.11.09

$B"#(B $BDI5-(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!4XO"(B:

$B%5%s%7%c%$%sKR>l(B $B%"%$%F%`2]6b(B

$B!!(B$B%<%m$N%W%l%9%j%j!<%9(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2009.11.07)

Renegotiating TLS

$B!!4XO"(B:

$B"#(B LAN$B@\B3%O!<%I%G%#%9%/!V(BHDL-GT$B!?(BGTR$B!?(BGTR2U$B!W%7%j!<%:!!$40&MQ$N$*5RMM$X$N$40FFb(B
(IO DATA, 2009.11.09)

$B!!(BIO DATA $B$N(B LAN $B@\B3%O!<%I%G%#%9%/!V(BHDL-GT$B!?(BGTR$B!?(BGTR2U$B!W%7%j!<%:$N0lIt$NEE8;$K7g4Y$,$"$j!"H/1l$9$k>l9g$,$"$k$=$&$@!#MxMQ$B%7%j%"%kHV9f$r3NG'(B$B$7!"3:Ev$9$k>l9g$O(B$B%U%!!<%`%&%'%"$r99?7(B$B$7$h$&!#(B

$B"#(B 2009.11.07

$B"#(B 2009.11.06

$B"#(B Renegotiating TLS
(extendedsubset.com, 2009.11.04 (v1.1))

$B!!(BSSL / TLS $B$N:F%M%4%7%(!<%7%g%s=hM}$K%W%m%H%3%k>e$N7g4Y$,$"$j!"(B HTTPS $B$K$*$$$FCf4V2pF~967b(B (Man-In-The-Middle $B967b(B) $B$rKI$2$J$$!"$H$$$&;XE&!#(B $B$&$%$`!D!D!#(B

2009.11.09 $BDI5-(B:

$B!!4XO"(B:

2009.11.13 $BDI5-(B:

$B!!(BStealing Cookies with SSL Renegotiation (IBM ISS, 2009.11.12)

2009.11.15 $BDI5-(B:

$B!!(BTLS and SSLv3 vulnerabilities explained (g-sec.lu)

$B"#(B Vulnerability in the BlackBerry Desktop Manager allows remote code execution
(BlackBerry, 2009.11.04)

$B!!(BBlackBerry Desktop Manager $B$,;HMQ$9$k(B Lotus Notes Intellisync DLL $B$K7g4Y!#(B ActiveX $B$M$?!#(B CVE-2009-0306

$B!!(BBlackBerry Desktop Software version 5.0.1 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B Stable Channel Update: Google Chrome 3.0.195.32
(Google Chrome Releases blog, 2009.11.05)

$B!!(BGoogle Chrome 3.0.195.32 $BEP>l!#0J2<$,=$@5$5$l$F$$$k!#(B

  • JavaScript $B$N

  • $B%a%b%jGK2u$,H/@8$7!"G$0U$N%3!<%I$N

2009.11.13 $BDI5-(B:

$B!!(BGoogle Chrome 3.0.195.33 $BEP>l!#(B3.0.195.32 $B$K$O!"5/F0$K<:GT$9$kIT6q9g$,$"$C$?LOMM!#(B

$B!!%;%-%e%j%F%#=$@5$b4^$^$l$F$$$k!#(BCVE-2009-2816

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B - 2009 $BG/(B 11 $B7n(B
(Microsoft, 2009.11.06)

$B!!$b$&$=$s$J5(@a$G$9!#6[5^(B x 3$B!"=EMW(B x 3$B!#=EMW$NCf$K(B Office $B$,(B 2 $B$DF~$C$F$^$9(B (Excel $B$H(B Word)$B!#(B

$B"#(B $BDI5-(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!4XO"(B:

$B"#(B 2009.11.05

$B"#(B $B$$$m$$$m(B (2009.11.05)
(various)

$B"#(B APSB09-16: Security updates available for Shockwave Player
(Adobe, 2009.11.03)

$B!!(BShockwave Player 11.5.1.601 $B0JA0$K(B 5 $B$D$N7g4Y(B ($BG$0U$N%3!<%I$NCVE-2009-3463 CVE-2009-3464 CVE-2009-3465 CVE-2009-3466 $B!"(BDoS x 1 - CVE-2009-3244 )$B!#(B

$B!!(BShockwave Player 11.5.2.602 $B$G=$@5$5$l$F$$$k!#(B http://get.adobe.com/shockwave/ $B$+$iF~http://www.adobe.com/jp/shockwave/welcome $B$G3NG'$G$-$k$_$?$$(B

2009.11.12 $BDI5-(B:

$B!!F|K\8lHG(B:

$B"#(B $BDI5-(B

F-Secure / Symantec / McAfee Generic PDF detection bypass

$B!!(BF-Secure $B8x<0(B: Security Advisory FSC-2009-3 (F-Secure, 2009.10.29)$B!#<+F099?7$K$FBP1~!#(B

$B%5%s%7%c%$%sKR>l(B $B%"%$%F%`2]6b(B

$B!!(B2009.11.03$B!A(B04 $B$K%^%9%4%_3F

$B!!4XO"(B:

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!4XO"(B:

Advance notification of Security Updates for Java SE

$B!!(BJDK and JRE 6 Update 17 / 5.0 Update 22 $B=P$?$_$?$$$G$9!#(BSDK and JRE 1.4.2_24 / 1.3.1_27 $B$O(B EOL $B2a$.$F$^$9$+$i!"0lHL8x3+$O$5$l$^$;$s!#(B

$B"#(B 2009.11.04

$B"#(B $BDI5-(B

Microsoft 2009 $BG/(B 10 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BYou receive a VBScript "Type Mismatch" script error message in Internet Explorer after you install cumulative security update 974455 (Microsoft KB976749) $B$,2~D{$5$l$?!#(BMS09-054 $B$NI{:nMQ$X$N=$@5%W%m%0%i%`$,8x3+$5$l$F$$$k!#(B

$B"#(B 2009.11.02

$B"#(B $BDI5-(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!(BWin32/Daonol$B$N0! ($BF|7P(B IT Pro, 2009.11.02)

$B"#(B 2009.11.01

$B"#(B $BDI5-(B

APSB09-15: Security Advisory for Adobe Reader and Acrobat

$B!!F|K\8lHG(B: APSB09-15: Adobe Reader$B$*$h$S(BAcrobat$BMQ%;%-%e%j%F%#%"%C%W%G!<%H8x3+(B (Adobe, 2009.10.30)$B!#$7$+$7!"KhEYKhEY!"F|K\8lHG$N%j%j!<%9$K$I$&$7$F$3$s$J$K;~4V$,$+$+$k$s$G$7$g$&!#F|K\$N%f!<%6$rGO

Microsoft 2009 $BG/(B 10 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS09-056 patch $B$K$O(B Communications Server 2005 / 2007 $BJ}LL$GI{:nMQ$,$"$k$=$&$G!"=$@5%W%m%0%i%`$,8x3+$5$l$F$^$9!#(B

$B%5%s%7%c%$%sKR>l(B $B%"%$%F%`2]6b(B

$B!!4XO"(B: $B%5%s%7%c%$%sKR>l!&2]6b%7%9%F%`$NLdBj$K$D$$$F$N%"%J%&%s%9(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2009.10.31)

$B"#(B US-CERT$B!"!V(BBlackBerry$B!W$NDLOC$rEpD0$9$k%"%W%j$r7Y9p(B
(CNET, 2009.10.28)

$B!!$3$NOC(B:

$B2a5n$N5-;v(B: 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[$B%;%-%e%j%F%#%[!<%k(B memo]
[$B;d$K$D$$$F(B]