{"id":12191,"date":"2025-07-11T04:01:17","date_gmt":"2025-07-10T19:01:17","guid":{"rendered":"https:\/\/m365jp.net\/?p=12191"},"modified":"2025-07-11T04:04:35","modified_gmt":"2025-07-10T19:04:35","slug":"mc1113050-security-hardening-for-microsoft-rpc-netlogon-protocol","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-07-11-mc1113050-security-hardening-for-microsoft-rpc-netlogon-protocol","title":{"rendered":"MC1113050 | Security hardening for Microsoft RPC Netlogon protocol"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1113050 | Security hardening for Microsoft RPC Netlogon protocol<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>07\/10\/2025 18:46:01<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>07\/10\/2025 18:46:00<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>07\/10\/2026 18:46:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>As part of our ongoing commitment to security, we\u2019re introducing a hardening change to the  <a href=\"https:\/\/learn.microsoft.com\/openspecs\/windows_protocols\/ms-nrpc\/ff8f970f-3e37-40f7-bd4b-af7336e4792f\" rel=\"noopener noreferrer\" target=\"_blank\">  Microsoft RPC Netlogon protocol<\/a>.&nbsp;This update strengthens access controls by blocking anonymous RPC requests that could previously be used to locate domain controllers.&nbsp;This change is&nbsp;<b>not configurable<\/b>&nbsp;and&nbsp;<b>cannot be reverted<\/b>&nbsp;via policy.<\/div>\n<div>&nbsp;<\/div>\n<div><b>When this will happen<\/b><\/div>\n<ul>\n<li>This change was introduced in the&nbsp;<b>July 2025 Windows security update<\/b>&nbsp;for all supported versions of Windows Server from Windows Server&nbsp;2008 R2 through Window Server 2022.<\/li>\n<li>For&nbsp;<b>Windows Server 2025<\/b>, the change was included in the&nbsp;<b>February 2025 Windows security update  <\/b>and subsequent updates.<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>How this affects your organization<\/b><\/div>\n<div>After installing the applicable Windows security update,&nbsp;<b>Active Directory domain controllers will reject certain anonymous RPC requests<\/b>&nbsp;made through the Netlogon RPC server.&nbsp;These requests are typically used for domain controller location and may   impact interoperability with some third-party file and print services, including&nbsp;<b>Samba<\/b>.<\/div>\n<div>&nbsp;<\/div>\n<div>If your organization uses Samba or similar services, you may experience disruptions unless those services are updated to comply with the new access requirements.&nbsp;<\/div>\n<div>  <\/div>\n<div><b>What you can do to prepare<\/b><\/div>\n<ul>\n<li>Review your environment for dependencies on anonymous Netlogon RPC requests.<\/li>\n<li>If your organization uses Samba, please refer to the&nbsp;<a href=\"https:\/\/www.samba.org\/samba\/history\/samba-4.22.3.html\" rel=\"noopener noreferrer\" target=\"_blank\">Samba release notes<\/a>&nbsp;\u200b\u200b\u200b\u200b\u200b\u200bfor guidance on compatibility.<\/li>\n<li>Test the update in a staging environment before broad deployment to identify any potential service disruptions.<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<div><b>Additional information<\/b><\/div>\n<div>This change has been documented in the KB articles associated to the updates introducing the new security hardening:<\/div>\n<div>&nbsp;<\/div>\n<ul>\n<li><b>Windows Server 2025<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5051987\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5051987<\/a><\/li>\n<li><b>Windows Server 2025 Datacenter: Azure Edition (Hotpatch Baseline)<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5051987\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5051987<\/a><\/li>\n<li><b>Windows Server 2022<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062572\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062572<\/a><\/li>\n<li><b>Windows Server 2022 Datacenter: Azure Edition (Hotpatch Baseline)<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062572\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062572<\/a><\/li>\n<li><b>Windows Server 2012 R2<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062597\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062597<\/a><\/li>\n<li><b>Windows Server 2012<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062592\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062592<\/a><\/li>\n<li><b>Windows Server 2008 R2 SP1<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062632-monthly-rollup-6b00fd29-2f8e-4167-8633-bd081870d49e\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062632<\/a> \/&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062619-security-only-update-3bde872d-c66a-45e5-8d3c-a1e2608ccfde\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062619<\/a><\/li>\n<li><b>Windows Server 2008: SP2<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062624-monthly-rollup-ef8674af-85d1-49dd-8ba0-9535c77bfff1\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062624<\/a> \/&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062618-security-only-update-34a3726e-1e9b-4f72-a61b-b2d6f8c59835\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062618<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u5bfe\u3059\u308b\u7d99\u7d9a\u7684\u306a\u53d6\u308a\u7d44\u307f\u306e\u4e00\u74b0\u3068\u3057\u3066\u3001 <a href=\"https:\/\/learn.microsoft.com\/openspecs\/windows_protocols\/ms-nrpc\/ff8f970f-3e37-40f7-bd4b-af7336e4792f\" rel=\"noopener noreferrer\" target=\"_blank\">  Microsoft RPC Netlogon \u30d7\u30ed\u30c8\u30b3\u30eb<\/a>\u306b\u5f37\u5316\u7684\u306a\u5909\u66f4\u3092\u5c0e\u5165\u3057\u307e\u3059\u3002&nbsp;\u3053\u306e\u66f4\u65b0\u306b\u3088\u308a\u3001\u4ee5\u524d\u306f\u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u306e\u691c\u7d22\u306b\u4f7f\u7528\u3055\u308c\u3066\u3044\u305f\u533f\u540d\u306e RPC \u8981\u6c42\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b\u3053\u3068\u3067\u3001\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u304c\u5f37\u5316\u3055\u308c\u307e\u3059\u3002&nbsp;\u3053\u306e\u5909\u66f4\u306f<b>\u69cb\u6210\u3067\u304d\u305a<\/b>&nbsp;\u3001&nbsp;&nbsp;\u30dd\u30ea\u30b7\u30fc\u3092\u4f7f\u7528\u3057\u3066<b>\u5143\u306b\u623b\u3059<\/b>&nbsp;\u3053\u3068\u306f\u3067\u304d\u307e\u305b\u3093\u3002<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u3053\u308c\u304c\u3044\u3064\u8d77\u3053\u308b\u304b<\/b><\/div>\n<ul>\n<li>\u3053\u306e\u5909\u66f4\u306f\u3001&nbsp;Windows Server&nbsp;2008 R2 \u304b\u3089 Window Server 2022 \u307e\u3067\u306e\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b\u3059\u3079\u3066\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306e Windows Server \u306e  <b>2025 \u5e74 7 \u6708\u306e Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0<\/b>&nbsp;\u3067\u5c0e\u5165\u3055\u308c\u307e\u3057\u305f\u3002<\/li>\n<li><b>Windows Server 2025<\/b> \u306e\u5834\u5408&nbsp;\u3001\u3053\u306e\u5909\u66f4\u306f <b>2025 \u5e74 2 \u6708\u306e Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0<\/b>\u3068\u305d\u306e\u5f8c\u306e&nbsp;\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u542b\u307e\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff<\/b><\/div>\n<div>\u8a72\u5f53\u3059\u308b Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u5f8c\u3001Active Directory \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306f\u3001&nbsp;Netlogon RPC \u30b5\u30fc\u30d0\u30fc\u3092\u901a\u3058\u3066\u884c\u308f\u308c\u305f<b>\u7279\u5b9a\u306e\u533f\u540d RPC \u30ea\u30af\u30a8\u30b9\u30c8<\/b>&nbsp;\u3092\u62d2\u5426\u3057\u307e\u3059\u3002&nbsp;\u3053\u308c\u3089\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u901a\u5e38\u3001\u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306e\u5834\u6240\u3068\u3057\u3066\u4f7f\u7528\u3055\u308c\u3001<b>Samba<\/b> \u3092\u542b\u3080&nbsp;\u4e00\u90e8\u306e\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u306e\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u5370\u5237\u30b5\u30fc\u30d3\u30b9\u3068\u306e\u76f8\u4e92\u904b\u7528\u6027\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n<div>&nbsp;<\/div>\n<div>\u7d44\u7e54\u3067 Samba \u307e\u305f\u306f\u540c\u69d8\u306e\u30b5\u30fc\u30d3\u30b9\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u3053\u308c\u3089\u306e\u30b5\u30fc\u30d3\u30b9\u304c\u65b0\u3057\u3044\u30a2\u30af\u30bb\u30b9\u8981\u4ef6\u306b\u6e96\u62e0\u3059\u308b\u3088\u3046\u306b\u66f4\u65b0\u3055\u308c\u306a\u3044\u9650\u308a\u3001\u4e2d\u65ad\u304c\u767a\u751f\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002&nbsp;<\/div>\n<div>  <\/div>\n<div><b>\u6e96\u5099\u3059\u308b\u305f\u3081\u306b\u3067\u304d\u308b\u3053\u3068<\/b><\/div>\n<ul>\n<li>\u533f\u540d\u306e Netlogon RPC \u8981\u6c42\u3078\u306e\u4f9d\u5b58\u95a2\u4fc2\u306b\u3064\u3044\u3066\u3001\u74b0\u5883\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/li>\n<li>\u7d44\u7e54\u3067 Samba \u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001<a href=\"https:\/\/www.samba.org\/samba\/history\/samba-4.22.3.html\" rel=\"noopener noreferrer\" target=\"_blank\">Samba \u306e\u30ea\u30ea\u30fc\u30b9\u30ce\u30fc\u30c8<\/a>&nbsp;\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044&nbsp;??????\u4e92\u63db\u6027\u306b\u95a2\u3059\u308b\u30ac\u30a4\u30c0\u30f3\u30b9\u3068\u3057\u3066\u3002<\/li>\n<li>\u5e83\u7bc4\u306a\u30c7\u30d7\u30ed\u30a4\u306e\u524d\u306b\u30b9\u30c6\u30fc\u30b8\u30f3\u30b0\u74b0\u5883\u3067\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u30c6\u30b9\u30c8\u3057\u3066\u3001\u6f5c\u5728\u7684\u306a\u30b5\u30fc\u30d3\u30b9\u306e\u4e2d\u65ad\u3092\u7279\u5b9a\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831<\/b><\/div>\n<div>\u3053\u306e\u5909\u66f4\u306f\u3001\u65b0\u3057\u3044\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\u306e\u5c0e\u5165\u306b\u95a2\u3059\u308b\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u95a2\u9023\u3059\u308b\u30b5\u30dd\u30fc\u30c8\u6280\u8853\u60c5\u5831\u306e\u8a18\u4e8b\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/div>\n<div>&nbsp;<\/div>\n<ul>\n<li><b>Windows Server 2025<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5051987\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5051987<\/a><\/li>\n<li><b>Windows Server 2025 Datacenter: Azure Edition (\u30db\u30c3\u30c8\u30d1\u30c3\u30c1 \u30d9\u30fc\u30b9\u30e9\u30a4\u30f3):<\/b>&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5051987\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5051987<\/a><\/li>\n<li><b>Windows Server 2022<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062572\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062572<\/a><\/li>\n<li><b>Windows Server 2022 Datacenter: Azure Edition (\u30db\u30c3\u30c8\u30d1\u30c3\u30c1 \u30d9\u30fc\u30b9\u30e9\u30a4\u30f3):<\/b>&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062572\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062572<\/a><\/li>\n<li><b>Windows Server 2012 R2<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062597\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062597<\/a><\/li>\n<li><b>Windows Server 2012<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5062592\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062592<\/a><\/li>\n<li><b>Windows Server 2008 R2 SP1<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062632-monthly-rollup-6b00fd29-2f8e-4167-8633-bd081870d49e\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062632<\/a> \/&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062619-security-only-update-3bde872d-c66a-45e5-8d3c-a1e2608ccfde\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062619<\/a><\/li>\n<li><b>Windows Server 2008:SP2<\/b>:&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062624-monthly-rollup-ef8674af-85d1-49dd-8ba0-9535c77bfff1\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062624<\/a> \/&nbsp;<a href=\"https:\/\/support.microsoft.com\/topic\/july-8-2025-kb5062618-security-only-update-34a3726e-1e9b-4f72-a61b-b2d6f8c59835\" rel=\"noopener noreferrer\" target=\"_blank\">https:\/\/support.microsoft.com\/help\/5062618<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1113050 | Security hardening for Microsoft RPC Netlogon protocol Classification planForChange Last Updated 0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12191","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=12191"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12191\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=12191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=12191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=12191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}