{"id":11902,"date":"2025-06-17T03:01:02","date_gmt":"2025-06-16T18:01:02","guid":{"rendered":"https:\/\/m365jp.net\/?p=11902"},"modified":"2025-06-17T03:01:33","modified_gmt":"2025-06-16T18:01:33","slug":"mc1096052-windows-add-support-for-the-new-certificate-authority-handling-logic-in-application-control-for-business","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-06-17-mc1096052-windows-add-support-for-the-new-certificate-authority-handling-logic-in-application-control-for-business","title":{"rendered":"MC1096052 | Windows add support for the new certificate authority handling logic in Application Control for Business"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1096052 | Windows add support for the new certificate authority handling logic in Application Control for Business<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>06\/16\/2025 17:04:48<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>06\/16\/2025 17:04:47<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>06\/16\/2026 17:04:47<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>Microsoft is updating the <a href=\"https:\/\/support.microsoft.com\/topic\/windows-support-for-the-application-control-for-business-new-ca-handling-logic-0be5df55-f4d7-458a-808f-7949d6a80850\" rel=\"noopener noreferrer\" target=\"_blank\">  logic used by Application Control for Business<\/a> to handle signer rules that rely on TBS (To Be Signed) hash values for Microsoft intermediate certificate authorities (CAs). This is in response to the upcoming expiration of several 15-year CAs starting in   July 2025. The new logic allows Application Control to automatically infer trust for the new 2023 and 2024 CAs if your existing policy already trusts the older CAs. 
Signer elements like CertEKU,&nbsp;CertPublisher,&nbsp;FileAttribRef&nbsp;and&nbsp;CertOemId&nbsp;are preserved in the   inferencing logic.&nbsp;<\/div>\n<div>  <\/div>\n<div><b>When this will happen:<\/b>&nbsp;<\/div>\n<div>Beginning in July 2025, these CAs will begin to expire&nbsp;according to the following schedule:<\/div>\n<ul>\n<li>July 6, 2025 &#8211; Microsoft Code Signing PCA 2010<\/li>\n<li>July 6, 2025 &#8211; Microsoft Windows PCA 2010<\/li>\n<li>July 8, 2026 &#8211; Microsoft Code Signing PCA 2011<\/li>\n<li>October 19, 2026 &#8211; Windows Production PCA 2011<\/li>\n<li>April 18, 2027 &#8211; Microsoft Windows Third Party Component CA 2012<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>How this will affect your organization:<\/b>&nbsp;<\/div>\n<div>Microsoft has serviced the TBS hash handling logic for the expiring CAs to all supported versions of Windows where Application Control is supported beginning with the following releases:<\/div>\n<ul>\n<li>Windows Server 2025: <a href=\"https:\/\/support.microsoft.com\/topic\/57181688-a692-49e5-b6cd-6e3919da12ca\" rel=\"noopener noreferrer\" target=\"_blank\">  May 13, 2025\u2014KB5058411<\/a><\/li>\n<li>Windows 11, version 24H2: <a href=\"https:\/\/support.microsoft.com\/topic\/9324a361-965a-4496-8fd8-ba8a9de9fc38\" rel=\"noopener noreferrer\" target=\"_blank\">  April 25, 2025\u2014KB5055627<\/a><\/li>\n<li>Windows Server, version 23H2: <a href=\"https:\/\/support.microsoft.com\/topic\/3c3f9c71-6082-4d4a-a6f2-1cd11b0a03e1\" rel=\"noopener noreferrer\" target=\"_blank\">  May 13, 2025\u2014KB5058384<\/a><\/li>\n<li>Windows 11, version 22H2 and 23H2: <a href=\"https:\/\/support.microsoft.com\/topic\/40cbe5df-063a-4b89-94eb-c79c8975506d\" rel=\"noopener noreferrer\" target=\"_blank\">  April 22, 2025\u2014KB5055629<\/a><\/li>\n<li>Windows Server 2022: <a href=\"https:\/\/support.microsoft.com\/topic\/45f3b455-92fa-4297-9dde-1428b36e53ad\" rel=\"noopener noreferrer\" target=\"_blank\">  May 13, 
2025\u2014KB5058385<\/a><\/li>\n<li>Windows 10, versions 21H2 and 22H2: <a href=\"https:\/\/support.microsoft.com\/topic\/0a30e9ee-5038-45dd-a5d7-70a8813a5e39\" rel=\"noopener noreferrer\" target=\"_blank\">  May 13, 2025\u2014KB5058379<\/a><\/li>\n<li>Windows 10 Enterprise LTSC 2019 and Windows Server 2019: <a href=\"https:\/\/support.microsoft.com\/topic\/e72d5090-15f1-4562-a7c0-39c1155fa01c\" rel=\"noopener noreferrer\" target=\"_blank\">  May 13, 2025\u2014KB5058392<\/a><\/li>\n<li>Windows 10 Enterprise LTSB 2016 and Windows Server 2016: <a href=\"https:\/\/support.microsoft.com\/topic\/f7d561f2-6b70-4a55-9bff-dac9c354812c\" rel=\"noopener noreferrer\" target=\"_blank\">  May 13, 2025\u2014KB5058383<\/a><\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>What you need to do to prepare:<\/b>&nbsp;<\/div>\n<div>Ensure your systems are updated with the updates listed above or subsequent ones. No policy updates are required&nbsp;if your existing rules reference the expiring CAs. Windows will seamlessly extend trust to the new 2023 and 2024 CAs via Windows updates.<\/div>\n<div>  <\/div>\n<div>If you want to opt&nbsp;out of the TBS hash&nbsp;inferencing&nbsp;logic performed by Application Control, set the following flag in policies:&nbsp;<b>Disabled:&nbsp;Default Windows Certificate&nbsp;<\/b><\/div>\n<div>  <\/div>\n<div><b>Additional information:<\/b>&nbsp;<\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/windows-support-for-the-application-control-for-business-new-ca-handling-logic-0be5df55-f4d7-458a-808f-7949d6a80850\" rel=\"noopener noreferrer\" target=\"_blank\">Windows support for the Application Control for Business   new CA handling logic<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows\/security\/application-security\/application-control\/app-control-for-business\/feature-availability\" rel=\"noopener noreferrer\" target=\"_blank\">App Control for Business and AppLocker feature 
availability<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows\/security\/application-security\/application-control\/app-control-for-business\/appcontrol\" rel=\"noopener noreferrer\" target=\"_blank\">Application Control for Windows<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>Microsoft \u306f\u3001Microsoft \u4e2d\u9593\u8a3c\u660e\u6a5f\u95a2 (CA) \u306e TBS (To Be Signed) \u30cf\u30c3\u30b7\u30e5\u5024\u306b\u4f9d\u5b58\u3059\u308b\u7f72\u540d\u8005\u30eb\u30fc\u30eb\u3092\u51e6\u7406\u3059\u308b\u305f\u3081\u306b  <a href=\"https:\/\/support.microsoft.com\/topic\/windows-support-for-the-application-control-for-business-new-ca-handling-logic-0be5df55-f4d7-458a-808f-7949d6a80850\" rel=\"noopener noreferrer\" target=\"_blank\">  \u3001Application Control for Business \u3067\u4f7f\u7528\u3055\u308c\u308b\u30ed\u30b8\u30c3\u30af<\/a> \u3092\u66f4\u65b0\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306f\u30012025\u5e747\u6708\u304b\u3089\u3044\u304f\u3064\u304b\u306e15\u5e74CA\u306e\u6709\u52b9\u671f\u9650\u304c\u5207\u308c\u308b\u3053\u3068\u306b\u5bfe\u5fdc\u3059\u308b\u3082\u306e\u3067\u3059\u3002\u65b0\u3057\u3044\u30ed\u30b8\u30c3\u30af\u306b\u3088\u308a\u3001\u65e2\u5b58\u306e\u30dd\u30ea\u30b7\u30fc\u304c\u3059\u3067\u306b\u53e4\u3044 CA \u3092\u4fe1\u983c\u3057\u3066\u3044\u308b\u5834\u5408\u3001Application Control \u306f\u65b0\u3057\u3044 2023 \u304a\u3088\u3073 2024 CA \u306e\u4fe1\u983c\u3092\u81ea\u52d5\u7684\u306b\u63a8\u8ad6\u3067\u304d\u307e\u3059\u3002CertEKU\u3001&nbsp;CertPublisher\u3001FileAttribRef&nbsp;&nbsp;\u3001&nbsp;CertOemId&nbsp;\u306a\u3069\u306e\u7f72\u540d\u8005\u8981\u7d20\u306f\u3001\u63a8\u8ad6\u30ed\u30b8\u30c3\u30af\u306b\u4fdd\u6301\u3055\u308c\u307e\u3059\u3002&nbsp;<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u304c\u3044\u3064\u8d77\u3053\u308b\u304b:<\/b>&nbsp;<\/div>\n<div>2025 \u5e74 7 \u6708\u4ee5\u964d\u3001\u3053\u308c\u3089\u306e CA 
\u306f\u6b21\u306e\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u306b\u5f93\u3063\u3066\u671f\u9650\u5207\u308c&nbsp;\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<ul>\n<li>2025 \u5e74 7 \u6708 6 \u65e5 &#8211; Microsoft Code Signing PCA 2010<\/li>\n<li>2025 \u5e74 7 \u6708 6 \u65e5 &#8211; Microsoft Windows PCA 2010<\/li>\n<li>2026 \u5e74 7 \u6708 8 \u65e5 &#8211; Microsoft Code Signing PCA 2011<\/li>\n<li>2026 \u5e74 10 \u6708 19 \u65e5 &#8211; Windows Production PCA 2011<\/li>\n<li>2027 \u5e74 4 \u6708 18 \u65e5 &#8211; Microsoft Windows \u30b5\u30fc\u30c9 \u30d1\u30fc\u30c6\u30a3 \u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8 CA 2012<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff:<\/b>&nbsp;<\/div>\n<div>Microsoft \u306f\u3001\u6b21\u306e\u30ea\u30ea\u30fc\u30b9\u4ee5\u964d\u3001Application Control \u304c\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b\u3059\u3079\u3066\u306e\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b\u30d0\u30fc\u30b8\u30e7\u30f3\u306e Windows \u306b\u5bfe\u3057\u3066\u3001\u6709\u52b9\u671f\u9650\u304c\u5207\u308c\u308b CA \u306e TBS \u30cf\u30c3\u30b7\u30e5\u51e6\u7406\u30ed\u30b8\u30c3\u30af\u3092\u63d0\u4f9b\u3057\u307e\u3057\u305f\u3002<\/div>\n<ul>\n<li>Windows Server 2025: <a href=\"https:\/\/support.microsoft.com\/topic\/57181688-a692-49e5-b6cd-6e3919da12ca\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 5 \u6708 13 \u65e5 &#8211; KB5058411<\/a><\/li>\n<li>Windows 11 \u30d0\u30fc\u30b8\u30e7\u30f3 24H2: <a href=\"https:\/\/support.microsoft.com\/topic\/9324a361-965a-4496-8fd8-ba8a9de9fc38\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 4 \u6708 25 \u65e5 KB5055627<\/a><\/li>\n<li>Windows Server \u30d0\u30fc\u30b8\u30e7\u30f3 23H2: <a href=\"https:\/\/support.microsoft.com\/topic\/3c3f9c71-6082-4d4a-a6f2-1cd11b0a03e1\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 5 \u6708 13 \u65e5 &#8211; KB5058384<\/a><\/li>\n<li>Windows 11 
\u30d0\u30fc\u30b8\u30e7\u30f3 22H2 \u304a\u3088\u3073 23H2: <a href=\"https:\/\/support.microsoft.com\/topic\/40cbe5df-063a-4b89-94eb-c79c8975506d\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 4 \u6708 22 \u65e5\u304b\u3089 KB5055629<\/a> \u65e5<\/li>\n<li>Windows Server 2022: <a href=\"https:\/\/support.microsoft.com\/topic\/45f3b455-92fa-4297-9dde-1428b36e53ad\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 5 \u6708 13 \u65e5 &#8211; KB5058385<\/a><\/li>\n<li>Windows 10 \u30d0\u30fc\u30b8\u30e7\u30f3 21H2 \u304a\u3088\u3073 22H2: <a href=\"https:\/\/support.microsoft.com\/topic\/0a30e9ee-5038-45dd-a5d7-70a8813a5e39\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 5 \u6708 13 \u65e5\u304b\u3089 KB5058379<\/a> \u65e5<\/li>\n<li>Windows 10 Enterprise LTSC 2019 \u304a\u3088\u3073 Windows Server 2019: <a href=\"https:\/\/support.microsoft.com\/topic\/e72d5090-15f1-4562-a7c0-39c1155fa01c\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 5 \u6708 13 \u65e5\u304b\u3089 KB5058392<\/a> \u65e5<\/li>\n<li>Windows 10 Enterprise LTSB 2016 \u304a\u3088\u3073 Windows Server 2016: <a href=\"https:\/\/support.microsoft.com\/topic\/f7d561f2-6b70-4a55-9bff-dac9c354812c\" rel=\"noopener noreferrer\" target=\"_blank\">  2025 \u5e74 5 \u6708 13 \u65e5\u304b\u3089 KB5058383<\/a> \u65e5<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>\u6e96\u5099\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u3053\u3068:<\/b>&nbsp;<\/div>\n<div>\u4e0a\u8a18\u306e\u66f4\u65b0\u307e\u305f\u306f\u305d\u308c\u4ee5\u964d\u306e\u66f4\u65b0\u3067\u30b7\u30b9\u30c6\u30e0\u304c\u66f4\u65b0\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u65e2\u5b58\u306e\u30eb\u30fc\u30eb\u304c\u671f\u9650\u5207\u308c\u306b\u306a\u308b CA \u3092\u53c2\u7167\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30dd\u30ea\u30b7\u30fc\u306e\u66f4\u65b0\u306f\u5fc5\u8981\u3042\u308a\u307e\u305b\u3093&nbsp;\u3002Windows \u306f\u3001Windows 
\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u4ecb\u3057\u3066\u3001\u65b0\u3057\u3044 2023 \u5e74\u3068 2024 \u5e74\u306e CA \u306b\u4fe1\u983c\u3092\u30b7\u30fc\u30e0\u30ec\u30b9\u306b\u62e1\u5f35\u3057\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div>Application Control \u306b\u3088\u3063\u3066\u5b9f\u884c\u3055\u308c\u308b TBS \u30cf\u30c3\u30b7\u30e5\u63a8\u8ad6\u30ed\u30b8\u30c3\u30af\u3092\u30aa\u30d7\u30c8\u30a2\u30a6\u30c8&nbsp;\u3059\u308b\u5834\u5408\u306f\u3001\u30dd\u30ea\u30b7\u30fc\u3067\u6b21\u306e\u30d5\u30e9\u30b0\u3092\u8a2d\u5b9a\u3057\u307e\u3059:&nbsp;<b>\u7121\u52b9:&nbsp;\u65e2\u5b9a\u306e Windows \u8a3c\u660e\u66f8&nbsp;<\/b><\/div>\n<div>  <\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831:<\/b>&nbsp;<\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/windows-support-for-the-application-control-for-business-new-ca-handling-logic-0be5df55-f4d7-458a-808f-7949d6a80850\" rel=\"noopener noreferrer\" target=\"_blank\">Application Control for Business \u306e\u65b0\u3057\u3044 CA \u51e6\u7406\u30ed\u30b8\u30c3\u30af\u306b\u5bfe\u3059\u308b   Windows \u306e\u30b5\u30dd\u30fc\u30c8<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows\/security\/application-security\/application-control\/app-control-for-business\/feature-availability\" rel=\"noopener noreferrer\" target=\"_blank\">App Control for Business \u3068 AppLocker \u6a5f\u80fd\u306e\u53ef\u7528\u6027<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows\/security\/application-security\/application-control\/app-control-for-business\/appcontrol\" rel=\"noopener noreferrer\" target=\"_blank\">Windows\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5236\u5fa1<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1096052 | Windows add support for the new certificate authority handling logic in Application Control for Bu 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11902","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/11902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=11902"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/11902\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=11902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=11902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=11902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}