{"id":5971,"date":"2024-04-13T05:01:07","date_gmt":"2024-04-12T20:01:07","guid":{"rendered":"https:\/\/m365jp.net\/?p=5971"},"modified":"2024-04-13T05:15:57","modified_gmt":"2024-04-12T20:15:57","slug":"mc776076-new-steps-have-been-released-to-mitigate-kerberos-signature-validation-vulnerabilities","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2024-04-13-mc776076-new-steps-have-been-released-to-mitigate-kerberos-signature-validation-vulnerabilities","title":{"rendered":"MC776076 | New steps have been released to mitigate Kerberos signature validation vulnerabilities"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC776076 | New steps have been released to mitigate Kerberos signature validation vulnerabilities<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>preventOrFixIssue<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>04\/12\/2024 19:56:34<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>04\/12\/2024 19:56:33<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>04\/12\/2025 19:56:33<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>The April 2024 security update released on April 9, 2024 addresses a security vulnerability in the  <a href=\"https:\/\/learn.microsoft.com\/openspecs\/windows_protocols\/ms-apds\/82b7b7c6-413d-4d66-b6b7-4a9224549782\" rel=\"noopener noreferrer\" target=\"_blank\">  Kerberos PAC Validation Protocol<\/a>. New <b>Take Action<\/b> steps have been released as part of  <a href=\"https:\/\/support.microsoft.com\/help\/5037754\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5037754<\/a> to prevent bypassing PAC signature validation security checks added in&nbsp;<a href=\"https:\/\/support.microsoft.com\/help\/5020805\" rel=\"noopener noreferrer\" target=\"_blank\">KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967<\/a>.<\/div>\n<div>  <\/div>\n<div><b>When will this happen:<\/b>&nbsp;<\/div>\n<ul>\n<li>April 9, 2024: Initial deployment phase started with the release of the April 2024 security update.<\/li>\n<li>October 15, 2024: The <b>Enforced by Default<\/b> phase starts where Windows domain controllers and clients will move to  <b>Enforced <\/b>mode. Note that during that during this phase, the&nbsp;<b>Enforced by Default<\/b>&nbsp;settings can be overridden by an Administrator to revert to&nbsp;<b>Compatibility<\/b>&nbsp;mode.<\/li>\n<li>April 8, 2025: <b>Enforcement<\/b> phase begins with no option to revert the new secure behavior.<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>How this will affect your organization:<\/b>&nbsp;<\/div>\n<div>To mitigate vulnerabilities described in&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-29056<\/a>,   you must make sure your entire Windows environment (including both domain controllers and clients) is updated. Environments that are not updated will not recognize this new request structure after  <b>Enforcement <\/b>mode begins. This will cause the security check to fail.<\/div>\n<div>  <\/div>\n<div><b>What you need to do to prepare:<\/b>&nbsp;<\/div>\n<div>To help protect your environment and prevent outages, we recommend the following steps:<\/div>\n<ol>\n<li><b>UPDATE:<\/b>&nbsp;Windows domain controllers and Windows clients must be updated with a Windows security update released on or after April 9, 2024.<\/li>\n<li><b>MONITOR:<\/b>&nbsp;Audit events will be visible in&nbsp;<b>Compatibility<\/b>&nbsp;mode to identify devices not updated.<\/li>\n<li><b>ENABLE:<\/b>&nbsp;After&nbsp;<b>Enforcement<\/b>&nbsp;mode&nbsp;is fully enabled in your environment, the vulnerabilities described in&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-29056<\/a>&nbsp;will   be mitigated.<\/li>\n<\/ol>\n<div>  <\/div>\n<div><b>Additional information:<\/b>&nbsp;<\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5037754\" rel=\"noopener noreferrer\" target=\"_blank\">KB5037754: How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5020805\" rel=\"noopener noreferrer\" target=\"_blank\">KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>2024 \u5e74 4 \u6708 9 \u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f 2024 \u5e74 4 \u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306f\u3001<a href=\"https:\/\/learn.microsoft.com\/openspecs\/windows_protocols\/ms-apds\/82b7b7c6-413d-4d66-b6b7-4a9224549782\" rel=\"noopener noreferrer\" target=\"_blank\">Kerberos PAC \u691c\u8a3c\u30d7\u30ed\u30c8\u30b3\u30eb<\/a>\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u8106\u5f31\u6027\u306b\u5bfe\u51e6\u3057\u307e\u3059\u3002<a href=\"https:\/\/support.microsoft.com\/help\/5020805\" rel=\"noopener noreferrer\" target=\"_blank\">KB5020805:   CVE-2022-37967 \u306b\u95a2\u9023\u3059\u308b Kerberos \u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5909\u66f4\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a>\u300d\u3067&nbsp;\u8ffd\u52a0\u3055\u308c\u305f PAC \u7f72\u540d\u691c\u8a3c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30c1\u30a7\u30c3\u30af\u306e\u30d0\u30a4\u30d1\u30b9\u3092\u9632\u3050\u305f\u3081\u306e<a href=\"https:\/\/support.microsoft.com\/help\/5037754\" rel=\"noopener noreferrer\" target=\"_blank\">KB5037754<\/a>\u306e\u4e00\u74b0\u3068\u3057\u3066\u3001\u65b0\u3057\u3044<b>\u30a2\u30af\u30b7\u30e7\u30f3\u5b9f\u884c<\/b>\u624b\u9806\u304c\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u307e\u3057\u305f\u3002<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u306f\u3044\u3064\u767a\u751f\u3057\u307e\u3059\u304b:<\/b>&nbsp;<\/div>\n<ul>\n<li>2024 \u5e74 4 \u6708 9 \u65e5: 2024 \u5e74 4 \u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30ea\u30ea\u30fc\u30b9\u306b\u3088\u308a\u3001\u521d\u671f\u5c55\u958b\u30d5\u30a7\u30fc\u30ba\u304c\u958b\u59cb\u3055\u308c\u307e\u3057\u305f\u3002<\/li>\n<li>2024 \u5e74 10 \u6708 15 \u65e5: <b>\u65e2\u5b9a\u3067\u5f37\u5236<\/b> \u30d5\u30a7\u30fc\u30ba\u304c\u958b\u59cb\u3055\u308c\u3001Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c <b>\u5f37\u5236 <\/b>  \u30e2\u30fc\u30c9\u306b\u79fb\u884c\u3057\u307e\u3059\u3002\u3053\u306e\u30d5\u30a7\u30fc\u30ba\u3067\u306f\u3001\u7ba1\u7406\u8005\u304c [&nbsp;<b>\u65e2\u5b9a\u3067<\/b>&nbsp;\u9069\u7528] \u306e\u8a2d\u5b9a\u3092\u4e0a\u66f8\u304d\u3057\u3066\u3001<b>\u4e92\u63db<\/b>&nbsp;\u30e2\u30fc\u30c9\u306b\u623b\u3059&nbsp;\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/li>\n<li>2025 \u5e74 4 \u6708 8 \u65e5: <b>\u9069\u7528<\/b> \u30d5\u30a7\u30fc\u30ba\u304c\u958b\u59cb\u3055\u308c\u3001\u65b0\u3057\u3044\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3067\u4fdd\u8b77\u3055\u308c\u305f\u52d5\u4f5c\u3092\u5143\u306b\u623b\u3059\u30aa\u30d7\u30b7\u30e7\u30f3\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u53ca\u307c\u3059\u5f71\u97ff:<\/b>&nbsp;<\/div>\n<div><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a>&nbsp;\u304a\u3088\u3073&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-29056<\/a>   \u3067&nbsp;\u8aac\u660e\u3055\u308c\u3066\u3044\u308b\u8106\u5f31\u6027\u3092\u8efd\u6e1b\u3059\u308b\u306b\u306f\u3001Windows \u74b0\u5883\u5168\u4f53 (\u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4e21\u65b9\u3092\u542b\u3080) \u304c\u66f4\u65b0\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u66f4\u65b0\u3055\u308c\u3066\u3044\u306a\u3044\u74b0\u5883\u306f\u3001<b>\u5f37\u5236<\/b>\u30e2\u30fc\u30c9\u306e\u958b\u59cb\u5f8c\u306b\u3053\u306e\u65b0\u3057\u3044\u8981\u6c42\u69cb\u9020\u3092\u8a8d\u8b58\u3057\u307e\u305b\u3093\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30c1\u30a7\u30c3\u30af\u304c\u5931\u6557\u3057\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u6e96\u5099\u306b\u5fc5\u8981\u306a\u3053\u3068:<\/b>&nbsp;<\/div>\n<div>\u74b0\u5883\u3092\u4fdd\u8b77\u3057\u3001\u505c\u6b62\u3092\u9632\u3050\u306b\u306f\u3001\u6b21\u306e\u624b\u9806\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/div>\n<ol>\n<li><b>\u66f4\u65b0:<\/b>&nbsp;Windows \u30c9\u30e1\u30a4\u30f3 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3068 Windows \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u30012024 \u5e74 4 \u6708 9 \u65e5\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u66f4\u65b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/li>\n<li><b>\u30e2\u30cb\u30bf\u30fc:<\/b>&nbsp;\u76e3\u67fb\u30a4\u30d9\u30f3\u30c8\u306f<b>\u4e92\u63db<\/b>&nbsp;\u30e2\u30fc\u30c9\u3067\u8868\u793a\u3055\u308c&nbsp;\u3001\u66f4\u65b0\u3055\u308c\u3066\u3044\u306a\u3044\u30c7\u30d0\u30a4\u30b9\u3092\u8b58\u5225\u3057\u307e\u3059\u3002<\/li>\n<li><b>\u6709\u52b9:<\/b>&nbsp;&nbsp;\u74b0\u5883\u3067<b>\u5f37\u5236<\/b>&nbsp;\u30e2\u30fc\u30c9&nbsp;\u304c\u5b8c\u5168\u306b\u6709\u52b9\u306b\u306a\u308b\u3068\u3001<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26248\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-26248<\/a>&nbsp;\u304a\u3088\u3073&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29056\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-29056<\/a>&nbsp;\u3067&nbsp;\u8aac\u660e\u3055\u308c\u3066\u3044\u308b\u8106\u5f31\u6027\u304c\u8efd\u6e1b\u3055\u308c\u307e\u3059\u3002<\/li>\n<\/ol>\n<div>  <\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831:<\/b>&nbsp;<\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5037754\" rel=\"noopener noreferrer\" target=\"_blank\">KB5037754: CVE-2024-26248 \u304a\u3088\u3073 CVE-2024-29056 \u306b\u95a2\u9023\u3059\u308b PAC \u691c\u8a3c\u306e\u5909\u66f4\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/help\/5020805\" rel=\"noopener noreferrer\" target=\"_blank\">KB5020805: CVE-2022-37967 \u306b\u95a2\u9023\u3059\u308b Kerberos \u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5909\u66f4\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC776076 | New steps have been released to mitigate Kerberos signature validation vulnerabilities Classificati [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5971","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/5971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=5971"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/5971\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=5971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=5971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=5971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}