{"id":10922,"date":"2025-04-09T03:01:30","date_gmt":"2025-04-08T18:01:30","guid":{"rendered":"https:\/\/m365jp.net\/?p=10922"},"modified":"2025-04-09T03:03:37","modified_gmt":"2025-04-08T18:03:37","slug":"mc1050817-immediate-action-enforce-pac-validation-for-cve-2024-26248-cve-2024-29056","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-04-09-mc1050817-immediate-action-enforce-pac-validation-for-cve-2024-26248-cve-2024-29056","title":{"rendered":"MC1050817 | Immediate Action: Enforce PAC Validation for CVE-2024-26248 &amp; CVE-2024-29056"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1050817 | Immediate Action: Enforce PAC Validation for CVE-2024-26248 &amp; CVE-2024-29056<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>04\/08\/2025 17:01:58<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>04\/08\/2025 17:01:51<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>04\/08\/2026 17:01:51<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>Last year, Windows updates released on and after April 9, 2024 added new behaviors that start the process of addressing a security risk in the  <a href=\"https:\/\/learn.microsoft.com\/openspecs\/windows_protocols\/ms-apds\/82b7b7c6-413d-4d66-b6b7-4a9224549782\" rel=\"noopener noreferrer\" target=\"_blank\">  Kerberos PAC Validation Protocol<\/a>.<\/div>\n<div>  <\/div>\n<div>Starting today, the <b>Enforcement phase<\/b> of deployment begins. After installing the April 2025 Windows security update and later updates on all Windows domain controllers and Windows clients, support for  <b>Compatibility<\/b> mode will be removed, and the new secure behavior will be enabled by default. This will properly mitigate the vulnerabilities described in&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a>   and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2024-29056<\/a>.<\/div>\n<div>  <\/div>\n<div><b>When will this happen?<\/b><\/div>\n<div>The <b>Enforcement phase<\/b> starts today<b>&nbsp;<\/b>with the release of the April 2025 Windows security update.<\/div>\n<div>  <\/div>\n<div><b>How will this affect your organization?<\/b><\/div>\n<div>To mitigate the risks described in <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2024-26248<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2024-29056<\/a>, you must update your entire Windows environment. This must include all Windows domain controllers and Windows clients. Environments that are not up to date will not recognize the new request structure and security checks will fail.<\/div>\n<div>&nbsp;<\/div>\n<div><b>What do you need to do to prepare?<\/b><\/div>\n<div>Install the April 2025 Windows security update on all Windows domain controllers and Windows clients.  <b>Enforcement <\/b>mode will be fully enabled in your environment. This will properly mitigate the vulnerabilities described in&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a>   and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2024-29056<\/a>.<\/div>\n<div>  <\/div>\n<div><b>Additional information:<\/b><\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5037754\" rel=\"noopener noreferrer\" target=\"_blank\">KB5037754: How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5020805\" rel=\"noopener noreferrer\" target=\"_blank\">KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>\u6628\u5e74\u30012024 \u5e74 4 \u6708 9 \u65e5\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f Windows \u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u306f\u3001 <a href=\"https:\/\/learn.microsoft.com\/openspecs\/windows_protocols\/ms-apds\/82b7b7c6-413d-4d66-b6b7-4a9224549782\" rel=\"noopener noreferrer\" target=\"_blank\">  Kerberos PAC \u691c\u8a3c\u30d7\u30ed\u30c8\u30b3\u30eb<\/a>\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ea\u30b9\u30af\u306b\u5bfe\u51e6\u3059\u308b\u30d7\u30ed\u30bb\u30b9\u3092\u958b\u59cb\u3059\u308b\u65b0\u3057\u3044\u52d5\u4f5c\u304c\u8ffd\u52a0\u3055\u308c\u307e\u3057\u305f\u3002<\/div>\n<div>  <\/div>\n<div>\u672c\u65e5\u304b\u3089\u3001\u30c7\u30d7\u30ed\u30a4\u306e <b>\u5f37\u5236\u30d5\u30a7\u30fc\u30ba<\/b> \u304c\u958b\u59cb\u3055\u308c\u307e\u3059\u30022025 \u5e74 4 \u6708\u306e Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3068\u305d\u308c\u4ee5\u964d\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u3059\u3079\u3066\u306e Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3068 Windows \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3068\u3001  <b>\u4e92\u63db<\/b> \u30e2\u30fc\u30c9\u306e\u30b5\u30dd\u30fc\u30c8\u304c\u524a\u9664\u3055\u308c\u3001\u65b0\u3057\u3044\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u4f5c\u304c\u65e2\u5b9a\u3067\u6709\u52b9\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a> \u304a\u3088\u3073  <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2024-29056<\/a> \u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b&nbsp;\u8106\u5f31\u6027\u304c\u9069\u5207\u306b\u8efd\u6e1b\u3055\u308c\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u306f\u3044\u3064\u5b9f\u73fe\u3057\u307e\u3059\u304b?<\/b><\/div>\n<div><b>\u5f37\u5236\u30d5\u30a7\u30fc\u30ba<\/b>\u306f\u30012025 \u5e74 4 \u6708\u306e Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30ea\u30ea\u30fc\u30b9\u3068\u3068\u3082\u306b\u672c\u65e5<b>&nbsp;<\/b>\u958b\u59cb\u3055\u308c\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u306f\u3042\u306a\u305f\u306e\u7d44\u7e54\u306b\u3069\u306e\u3088\u3046\u306a\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\u304b?<\/b><\/div>\n<div><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a> \u3068  <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2024-29056<\/a> \u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u30ea\u30b9\u30af\u3092\u8efd\u6e1b\u3059\u308b\u306b\u306f\u3001Windows \u74b0\u5883\u5168\u4f53\u3092\u66f4\u65b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u308c\u306b\u306f\u3001\u3059\u3079\u3066\u306e Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3068 Windows \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u6700\u65b0\u3067\u306a\u3044\u74b0\u5883\u306f\u3001\u65b0\u3057\u3044\u8981\u6c42\u69cb\u9020\u3092\u8a8d\u8b58\u305b\u305a\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30c1\u30a7\u30c3\u30af\u306f\u5931\u6557\u3057\u307e\u3059\u3002<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u6e96\u5099\u3059\u308b\u305f\u3081\u306b\u4f55\u3092\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u304b?<\/b><\/div>\n<div>2025 \u5e74 4 \u6708\u306e Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u3001\u3059\u3079\u3066\u306e Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3068 Windows \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002  <b>\u5f37\u5236 <\/b>\u30e2\u30fc\u30c9\u306f\u3001\u304a\u4f7f\u3044\u306e\u74b0\u5883\u3067\u5b8c\u5168\u306b\u6709\u52b9\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a> \u304a\u3088\u3073  <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2024-29056<\/a> \u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b&nbsp;\u8106\u5f31\u6027\u304c\u9069\u5207\u306b\u8efd\u6e1b\u3055\u308c\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831:<\/b><\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5037754\" rel=\"noopener noreferrer\" target=\"_blank\">KB5037754: CVE-2024-26248 \u304a\u3088\u3073 CVE-2024-29056 \u306b\u95a2\u9023\u3059\u308b PAC \u691c\u8a3c\u306e\u5909\u66f4\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5020805\" rel=\"noopener noreferrer\" target=\"_blank\">KB5020805: CVE-2022-37967 \u306b\u95a2\u9023\u3059\u308b Kerberos \u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5909\u66f4\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1050817 | Immediate Action: Enforce PAC Validation for CVE-2024-26248 &amp; CVE-2024-29056 Classification st [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-10922","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/10922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=10922"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/10922\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=10922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=10922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=10922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}