{"id":1594,"date":"2023-05-16T06:01:14","date_gmt":"2023-05-15T21:01:14","guid":{"rendered":"https:\/\/m365jp.xyz\/?p=1594"},"modified":"2023-05-16T06:04:56","modified_gmt":"2023-05-15T21:04:56","slug":"mc555534-changes-to-windows-server-security-hardening-for-netlogon-and-kerberos-coming-july-11-2023","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2023-05-16-mc555534-changes-to-windows-server-security-hardening-for-netlogon-and-kerberos-coming-july-11-2023","title":{"rendered":"MC555534 | Changes to Windows Server security hardening for Netlogon and Kerberos coming July 11, 2023"},"content":{"rendered":"
\n
\n
\n\n\n\n
MC555534 | Changes to Windows Server security hardening for Netlogon and Kerberos coming July 11, 2023<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\n\n\n\n\n\n\n\n
Classification<\/th>\nplanForChange<\/td>\n<\/tr>\n
Last Updated<\/th>\n05\/15\/2023 20:54:24<\/td>\n<\/tr>\n
Start Time<\/th>\n05\/15\/2023 20:54:22<\/td>\n<\/tr>\n
End Time<\/th>\n05\/15\/2024 20:54:22<\/td>\n<\/tr>\n
Message Content<\/th>\n\n
Recent Windows updates address vulnerabilities in the Netlogon<\/a> protocol when remote procedure call (RPC)<\/a> signing is used instead of RPC sealing. The Netlogon RPC interface is primarily used to maintain the relationship between a device and its domain, and relationships among domain controllers (DCs) and domains. All domain-joined, machine accounts are affected by these vulnerabilities. Guidance and documentation can be found at KB5021130: How to manage Netlogon protocol changes related to CVE-2022-38023<\/a>.<\/div>\n
<\/div>\n
Please note, updates released April 11, 2023 and later have brought two important changes which can affect the testing and deployment processes which were previously documented for this hardening:<\/div>\n
Machine Translation<\/th>\n\n
\u6700\u8fd1\u306e Windows \u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306f\u3001RPC \u30b7\u30fc\u30ea\u30f3\u30b0\u306e\u4ee3\u308f\u308a\u306b\u30ea\u30e2\u30fc\u30c8 \u30d7\u30ed\u30b7\u30fc\u30b8\u30e3 \u30b3\u30fc\u30eb (RPC)<\/a> \u7f72\u540d\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306e Netlogon<\/a> \u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u8106\u5f31\u6027\u306b\u5bfe\u51e6\u3057\u307e\u3059\u3002Netlogon RPC \u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\u306f\u3001\u4e3b\u306b\u3001\u30c7\u30d0\u30a4\u30b9\u3068\u305d\u306e\u30c9\u30e1\u30a4\u30f3\u9593\u306e\u95a2\u4fc2\u3001\u304a\u3088\u3073\u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc (DC) \u3068\u30c9\u30e1\u30a4\u30f3\u9593\u306e\u95a2\u4fc2\u3092\u7dad\u6301\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002\u30c9\u30e1\u30a4\u30f3\u306b\u53c2\u52a0\u3057\u3066\u3044\u308b\u3059\u3079\u3066\u306e\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc \u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u3053\u308c\u3089\u306e\u8106\u5f31\u6027\u306e\u5f71\u97ff\u3092\u53d7\u3051\u307e\u3059\u3002\u30ac\u30a4\u30c0\u30f3\u30b9\u3068\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306f\u3001KB5021130:CVE-2022-38023\u306b\u95a2\u9023\u3059\u308bNetlogon\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5909\u66f4\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a>\u306b\u3042\u308a\u307e\u3059\u3002<\/div>\n
<\/div>\n
2023 \u5e74 4 \u6708 11 \u65e5\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u306f\u3001\u3053\u306e\u5f37\u5316\u306b\u3064\u3044\u3066\u4ee5\u524d\u306b\u6587\u66f8\u5316\u3055\u308c\u3066\u3044\u305f\u30c6\u30b9\u30c8\u304a\u3088\u3073\u30c7\u30d7\u30ed\u30a4 \u30d7\u30ed\u30bb\u30b9\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b 2 \u3064\u306e\u91cd\u8981\u306a\u5909\u66f4\u304c\u52a0\u3048\u3089\u308c\u3066\u3044\u308b\u3053\u3068\u306b\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n