{"id":12793,"date":"2025-09-10T03:03:00","date_gmt":"2025-09-09T18:03:00","guid":{"rendered":"https:\/\/m365jp.net\/?p=12793"},"modified":"2025-09-10T03:06:08","modified_gmt":"2025-09-09T18:06:08","slug":"mc1150557-certificate-based-authentication-changes-following-installation-of-windows-updates-released-september-9-2025","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-09-10-mc1150557-certificate-based-authentication-changes-following-installation-of-windows-updates-released-september-9-2025","title":{"rendered":"MC1150557 | Certificate-based authentication changes following installation of Windows updates released September 9, 2025"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1150557 | Certificate-based authentication changes following installation of Windows updates released September 9, 2025<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>09\/09\/2025 17:07:04<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>09\/09\/2025 17:07:03<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>09\/09\/2026 17:07:03<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>Windows updates released September 9, 2025 and later, introduce security hardening changes to certificate mapping requirements in Windows Servers. The is the final milestone of a rollout that has gradually been taking place since 2023. IT administrators   need to take action to ensure normal operations in accordance with the new certificate mapping criteria, and install the September 9, 2025 updates.<\/div>\n<div>  <\/div>\n<div>For full details, see <a href=\"https:\/\/support.microsoft.com\/help\/5014754\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5014754: Certificate-based authentication changes on Windows domain controllers<\/a>.<\/div>\n<div>  <\/div>\n<div><b>When will this happen:<\/b><\/div>\n<div>This change is effective immediately in Windows updates released September 9, 2025. Servers which run Active Directory Certificate Services, as well as Windows domain controllers that service certificate-based authentication, are now required to meet certain   certificate mapping criteria in order for authentication operations to succeed.&nbsp;These changes address vulnerabilities discussed in  <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-34691\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2022-34691<\/a> and others.<\/div>\n<div>  <\/div>\n<div><b>How this will affect your organization:<\/b><\/div>\n<div>Vulnerabilities addressed in this scenario involve the use of dollar sign ($) at the end of a machine name, as well as&nbsp;conflicts between User Principal Names (UPN) and&nbsp;sAMAccountName. Both scenarios introduced vulnerabilities in the form of certificate   emulation (spoofing).<\/div>\n<div>  <\/div>\n<div>The September 2025 updates conclude the rollout of security requirements which prevent these vulnerabilities. If certificates cannot be strongly mapped per the security measures following installation of this update, certain authentication operations might   be denied.<\/div>\n<div>  <\/div>\n<div><b>What you need to do to prepare:<\/b><\/div>\n<div>The new certificate mapping requirements mentioned here have been rolling out with various degrees of enforcement throughout 2023 and 2024. Beginning with the September 9 updates, previous methods of grading enforcement across environments have been disabled.   IT administrators need to confirm normal operations in accordance with the new certificate mapping criteria.<\/div>\n<div>  <\/div>\n<div>As always, we recommend that you update your devices to the latest security update available to take advantage of the advanced protections from the latest security threats. Review the links provided in the Additional information section.<\/div>\n<div>  <\/div>\n<div><b>Additional information:<\/b><\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5014754\" rel=\"noopener noreferrer\" target=\"_blank\">KB5014754: Certificate-based authentication changes on Windows domain controllers<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>2025 \u5e74 9 \u6708 9 \u65e5\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f Windows \u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u306f\u3001Windows Server \u306e\u8a3c\u660e\u66f8\u30de\u30c3\u30d4\u30f3\u30b0\u8981\u4ef6\u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\u306e\u5909\u66f4\u304c\u5c0e\u5165\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306f\u30012023 \u5e74\u304b\u3089\u5f90\u3005\u306b\u5b9f\u65bd\u3055\u308c\u3066\u3044\u308b\u5c55\u958b\u306e\u6700\u5f8c\u306e\u30de\u30a4\u30eb\u30b9\u30c8\u30fc\u30f3\u3067\u3059\u3002IT \u7ba1\u7406\u8005\u306f\u3001\u65b0\u3057\u3044\u8a3c\u660e\u66f8\u30de\u30c3\u30d4\u30f3\u30b0\u57fa\u6e96\u306b\u5f93\u3063\u3066\u901a\u5e38\u306e\u52d5\u4f5c\u3092\u4fdd\u8a3c\u3059\u308b\u305f\u3081\u306e\u63aa\u7f6e\u3092\u8b1b\u3058\u30012025 \u5e74 9 \u6708 9 \u65e5\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div>\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u300c <a href=\"https:\/\/support.microsoft.com\/help\/5014754\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5014754: Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3067\u306e\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u306e\u5909\u66f4<\/a>\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u306f\u3044\u3064\u8d77\u3053\u308a\u307e\u3059\u304b:<\/b><\/div>\n<div>\u3053\u306e\u5909\u66f4\u306f\u30012025 \u5e74 9 \u6708 9 \u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f Windows \u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u76f4\u3061\u306b\u6709\u52b9\u306b\u306a\u308a\u307e\u3059\u3002Active Directory \u8a3c\u660e\u66f8\u30b5\u30fc\u30d3\u30b9\u3092\u5b9f\u884c\u3059\u308b\u30b5\u30fc\u30d0\u30fc\u3068\u3001\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u3092\u63d0\u4f9b\u3059\u308b Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u306f\u3001\u8a8d\u8a3c\u64cd\u4f5c\u3092\u6210\u529f\u3055\u305b\u308b\u305f\u3081\u306b\u3001\u7279\u5b9a\u306e\u8a3c\u660e\u66f8\u30de\u30c3\u30d4\u30f3\u30b0\u57fa\u6e96\u3092\u6e80\u305f\u3059\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002&nbsp;\u3053\u308c\u3089\u306e\u5909\u66f4\u306f\u3001  <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-34691\" rel=\"noopener noreferrer\" target=\"_blank\">  CVE-2022-34691<\/a> \u306a\u3069\u3067\u8aac\u660e\u3055\u308c\u3066\u3044\u308b\u8106\u5f31\u6027\u306b\u5bfe\u51e6\u3057\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff:<\/b><\/div>\n<div>\u3053\u306e\u30b7\u30ca\u30ea\u30aa\u3067\u5bfe\u51e6\u3055\u308c\u308b\u8106\u5f31\u6027\u306b\u306f\u3001\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u540d\u306e\u672b\u5c3e\u306b\u30c9\u30eb\u8a18\u53f7 ($) \u304c\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3084&nbsp;\u3001\u30e6\u30fc\u30b6\u30fc \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u540d (UPN) \u3068&nbsp;sAMAccountName \u306e\u9593\u306e\u7af6\u5408\u304c\u542b\u307e\u308c\u307e\u3059\u3002\u3069\u3061\u3089\u306e\u30b7\u30ca\u30ea\u30aa\u3067\u3082\u3001\u8a3c\u660e\u66f8\u30a8\u30df\u30e5\u30ec\u30fc\u30b7\u30e7\u30f3 (\u306a\u308a\u3059\u307e\u3057) \u306e\u5f62\u3067\u8106\u5f31\u6027\u304c\u767a\u751f\u3057\u307e\u3057\u305f\u3002<\/div>\n<div>  <\/div>\n<div>2025 \u5e74 9 \u6708\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3067\u306f\u3001\u3053\u308c\u3089\u306e\u8106\u5f31\u6027\u3092\u9632\u3050\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8981\u4ef6\u306e\u5c55\u958b\u304c\u7d42\u4e86\u3057\u307e\u3059\u3002\u3053\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5f8c\u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306b\u5f93\u3063\u3066\u8a3c\u660e\u66f8\u3092\u5f37\u529b\u306b\u30de\u30c3\u30d4\u30f3\u30b0\u3067\u304d\u306a\u3044\u5834\u5408\u3001\u7279\u5b9a\u306e\u8a8d\u8a3c\u64cd\u4f5c\u304c\u62d2\u5426\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u6e96\u5099\u306b\u5fc5\u8981\u306a\u3053\u3068:<\/b><\/div>\n<div>\u3053\u3053\u3067\u8aac\u660e\u3059\u308b\u65b0\u3057\u3044\u8a3c\u660e\u66f8\u30de\u30c3\u30d4\u30f3\u30b0\u8981\u4ef6\u306f\u30012023 \u5e74\u304b\u3089 2024 \u5e74\u306b\u304b\u3051\u3066\u3055\u307e\u3056\u307e\u306a\u7a0b\u5ea6\u306e\u65bd\u884c\u3067\u5c55\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u30029 \u6708 9 \u65e5\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u4ee5\u964d\u3001\u74b0\u5883\u5168\u4f53\u3067\u9069\u7528\u3092\u63a1\u70b9\u3059\u308b\u4ee5\u524d\u306e\u65b9\u6cd5\u306f\u7121\u52b9\u306b\u306a\u308a\u307e\u3057\u305f\u3002IT \u7ba1\u7406\u8005\u306f\u3001\u65b0\u3057\u3044\u8a3c\u660e\u66f8\u30de\u30c3\u30d4\u30f3\u30b0\u57fa\u6e96\u306b\u5f93\u3063\u3066\u901a\u5e38\u306e\u52d5\u4f5c\u3092\u78ba\u8a8d\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div>\u3044\u3064\u3082\u306e\u3088\u3046\u306b\u3001\u6700\u65b0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8105\u5a01\u306b\u5bfe\u3059\u308b\u9ad8\u5ea6\u306a\u4fdd\u8b77\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u3001\u30c7\u30d0\u30a4\u30b9\u3092\u5229\u7528\u53ef\u80fd\u306a\u6700\u65b0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u66f4\u65b0\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002\u300c\u8ffd\u52a0\u60c5\u5831\u300d\u30bb\u30af\u30b7\u30e7\u30f3\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u30ea\u30f3\u30af\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831:<\/b><\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5014754\" rel=\"noopener noreferrer\" target=\"_blank\">KB5014754: Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3067\u306e\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u306e\u5909\u66f4<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1150557 | Certificate-based authentication changes following installation of Windows updates released Septem [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12793","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=12793"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12793\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=12793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=12793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=12793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}