{"id":7809,"date":"2024-08-17T06:01:14","date_gmt":"2024-08-16T21:01:14","guid":{"rendered":"https:\/\/m365jp.net\/?p=7809"},"modified":"2024-08-17T06:15:57","modified_gmt":"2024-08-16T21:15:57","slug":"mc863964-protect-against-security-risks-and-nps-connection-failures-that-affect-radius-server-environments","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2024-08-17-mc863964-protect-against-security-risks-and-nps-connection-failures-that-affect-radius-server-environments","title":{"rendered":"MC863964 | Protect against security risks and NPS connection failures that affect RADIUS server environments"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC863964 | Protect against security risks and NPS connection failures that affect RADIUS server environments<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>08\/16\/2024 20:21:13<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>08\/16\/2024 20:21:12<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>08\/16\/2025 20:21:12<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>A security risk exists in the Remote Authentication Dial-In User Service (RADIUS) protocol.  <a href=\"https:\/\/learn.microsoft.com\/dotnet\/api\/system.security.cryptography.md5?view=net-8.0\" rel=\"noopener noreferrer\" target=\"_blank\">  MD5<\/a> collision problems affect <a href=\"https:\/\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-udp-ports-configure\" rel=\"noopener noreferrer\" target=\"_blank\">  User Datagram Protocol<\/a> or UDP-based RADIUS traffic over the internet. Data packets are at risk of forgery or changes to them during transit. To learn more, see  <a href=\"https:\/\/support.microsoft.com\/topic\/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5040268<\/a>.<\/div>\n<div>  <\/div>\n<div>As of July 9, 2024, Windows updates support the <b>Message-Authenticator<\/b> attribute in  <b>Access-Request<\/b> packets. The new RADIUS standards mandate this change.<\/div>\n<div>However, if you install the July 2024, or later, updates, <a href=\"https:\/\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-top\" rel=\"noopener noreferrer\" target=\"_blank\">  Network Policy Server (NPS)<\/a> connection failures can happen. This update does not cause these connection failures. This only occurs if your company\u2019s firewall or RADIUS solution does not support this attribute. To learn more, see  <a href=\"https:\/\/support.microsoft.com\/topic\/kb5043417-radius-authentication-to-nps-might-fail-with-the-july-2024-security-update-and-later-updates-1a9d6cd4-5f8a-40eb-b2d6-f3a11cc0c308\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5043417<\/a>.<\/div>\n<div>  <\/div>\n<div>We recommend that you enable the <b>Message-Authenticator<\/b> attribute in <b>  Access-Request<\/b> packets. Doing this addresses this NPS issue and the security risk.<\/div>\n<div>&nbsp;<\/div>\n<div><b>When will this happen:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>As of July 9, 2024, you now have more information to address this NPS issue and security risk in your environment.<\/div>\n<div>&nbsp;<\/div>\n<div><b>How this will affect your organization:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>The security risk requires physical access to both the RADIUS network and the NPS. Also, it does not apply when RADIUS traffic goes over a VPN. By making one or more of the changes below, you can enhance the security of UDP-based RADIUS traffic. You can   also avoid NPS connection failures.<\/div>\n<div>  <\/div>\n<div><b>What you need to do to prepare:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>To help protect your environment, we recommend that you enable the following:<\/div>\n<div>  <\/div>\n<ul>\n<li>Set the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute in&nbsp;<b>Access-Request<\/b>&nbsp;packets.&nbsp;Make sure all&nbsp;<b>Access-Request<\/b>&nbsp;packets include the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute. By default, the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute is turned off. We recommend&nbsp;turning   this option on.<\/li>\n<\/ul>\n<div>  <\/div>\n<ul>\n<li>Verify the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute in&nbsp;<b>Access-Request<\/b>&nbsp;packets.&nbsp;Consider enforcing validation of the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute on&nbsp;<b>Access-Request<\/b>&nbsp;packets.&nbsp;<b>Access-Request<\/b>&nbsp;packets without this attribute will not   be processed. By default, the&nbsp;<b>Access-Request messages must contain the message-authenticator attribute<\/b>&nbsp;option is turned off. We recommend turning this option on.<\/li>\n<\/ul>\n<div>  <\/div>\n<ul>\n<li>Verify the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute in&nbsp;<b>Access-Request<\/b>&nbsp;packets if the&nbsp;<b>Proxy-State<\/b>&nbsp;attribute is present.&nbsp;Optionally, enable the&nbsp;<b>limitProxyState<\/b>&nbsp;configuration if enforcing validation of the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute   on&nbsp;<b>Access-Request<\/b>&nbsp;packets cannot be performed. This configuration will validate that&nbsp;<b>Access-Request<\/b>&nbsp;packets containing the&nbsp;<b>Proxy-State<\/b>&nbsp;attribute also contain the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute. By default, the&nbsp;<b>limitproxystate<\/b>&nbsp;attribute   is turned off. We recommend turning this attribute on.<\/li>\n<\/ul>\n<div>  <\/div>\n<ul>\n<li>Verify the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute in RADIUS response packets:&nbsp;<b>Access-Accept<\/b>,&nbsp;<b>Access-Reject<\/b>,&nbsp;and&nbsp;<b>Access-Challenge<\/b>.&nbsp;Enable the&nbsp;<b>requireMsgAuth<\/b>&nbsp;configuration to enforce dropping the RADIUS response packets from remote   servers that lack the&nbsp;<b>Message-Authenticator<\/b>&nbsp;attribute. By default, the&nbsp;<b>requiremsgauth<\/b>&nbsp;attribute is tuned off. We recommend turning this attribute on.<\/li>\n<\/ul>\n<div>  <\/div>\n<div>You can find detailed guidance on applying these in <a href=\"https:\/\/support.microsoft.com\/topic\/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5040268<\/a>. See the Additional information section below.<\/div>\n<div>  <\/div>\n<div><b>Additional information:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>For more information about this security risk and NPS issue, see:<\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66\" rel=\"noopener noreferrer\" target=\"_blank\">KB5040268: How to manage the   Access-Request packets attack vulnerability associated with CVE-2024-3596<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/kb5043417-radius-authentication-to-nps-might-fail-with-the-july-2024-security-update-and-later-updates-1a9d6cd4-5f8a-40eb-b2d6-f3a11cc0c308\" rel=\"noopener noreferrer\" target=\"_blank\">KB5043417: RADIUS authentication   to NPS might fail with the July 2024 security update and later updates<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-3596\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-3596<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-top\" rel=\"noopener noreferrer\" target=\"_blank\">Network Policy Server (NPS)<\/a><\/li>\n<li><a href=\"\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-udp-ports-configure\" rel=\"noopener noreferrer\" target=\"_blank\">User Datagram Protocol (UDP)<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>Remote Authentication Dial-In User Service (RADIUS) \u30d7\u30ed\u30c8\u30b3\u30eb\u306b\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u30ea\u30b9\u30af\u304c\u3042\u308a\u307e\u3059\u3002  <a href=\"https:\/\/learn.microsoft.com\/dotnet\/api\/system.security.cryptography.md5?view=net-8.0\" rel=\"noopener noreferrer\" target=\"_blank\">  MD5<\/a> \u30b3\u30ea\u30b8\u30e7\u30f3\u306e\u554f\u984c\u306f\u3001\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u4e0a\u306e <a href=\"https:\/\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-udp-ports-configure\" rel=\"noopener noreferrer\" target=\"_blank\">  \u30e6\u30fc\u30b6\u30fc \u30c7\u30fc\u30bf\u30b0\u30e9\u30e0 \u30d7\u30ed\u30c8\u30b3\u30eb<\/a> \u307e\u305f\u306f UDP \u30d9\u30fc\u30b9\u306e RADIUS \u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u306b\u5f71\u97ff\u3057\u307e\u3059\u3002\u30c7\u30fc\u30bf\u30d1\u30b1\u30c3\u30c8\u306f\u3001\u8ee2\u9001\u4e2d\u306b\u507d\u9020\u307e\u305f\u306f\u5909\u66f4\u3055\u308c\u308b\u30ea\u30b9\u30af\u304c\u3042\u308a\u307e\u3059\u3002\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u300c  <a href=\"https:\/\/support.microsoft.com\/topic\/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5040268<\/a>\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div>  <\/div>\n<div>2024 \u5e74 7 \u6708 9 \u65e5\u306e\u6642\u70b9\u3067\u3001Windows \u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u306f <b>Access-Request<\/b> \u30d1\u30b1\u30c3\u30c8\u306e <b>Message-Authenticator<\/b> \u5c5e\u6027\u304c\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u65b0\u3057\u3044 RADIUS \u6a19\u6e96\u3067\u306f\u3001\u3053\u306e\u5909\u66f4\u304c\u7fa9\u52d9\u4ed8\u3051\u3089\u308c\u3066\u3044\u307e\u3059\u3002<\/div>\n<div>\u305f\u3060\u3057\u30012024 \u5e74 7 \u6708\u4ee5\u964d\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3068\u3001 <a href=\"https:\/\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-top\" rel=\"noopener noreferrer\" target=\"_blank\">  \u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30dd\u30ea\u30b7\u30fc \u30b5\u30fc\u30d0\u30fc (NPS)<\/a> \u63a5\u7d9a\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u306f\u3001\u3053\u308c\u3089\u306e\u63a5\u7d9a\u30a8\u30e9\u30fc\u306f\u767a\u751f\u3057\u307e\u305b\u3093\u3002\u3053\u308c\u306f\u3001\u4f1a\u793e\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u307e\u305f\u306f RADIUS \u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u304c\u3053\u306e\u5c5e\u6027\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u306a\u3044\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u300c  <a href=\"https:\/\/support.microsoft.com\/topic\/kb5043417-radius-authentication-to-nps-might-fail-with-the-july-2024-security-update-and-later-updates-1a9d6cd4-5f8a-40eb-b2d6-f3a11cc0c308\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5043417<\/a>\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div>  <\/div>\n<div><b>Access-Request<\/b> \u30d1\u30b1\u30c3\u30c8\u3067 <b>Message-Authenticator<\/b> \u5c5e\u6027\u3092\u6709\u52b9\u306b\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u3053\u306eNPS\u306e\u554f\u984c\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af\u304c\u89e3\u6d88\u3055\u308c\u307e\u3059\u3002<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u3053\u308c\u306f\u3044\u3064\u884c\u308f\u308c\u307e\u3059\u304b:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>2024 \u5e74 7 \u6708 9 \u65e5\u306e\u6642\u70b9\u3067\u3001\u3053\u306e NPS \u306e\u554f\u984c\u3068\u74b0\u5883\u5185\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ea\u30b9\u30af\u306b\u5bfe\u51e6\u3059\u308b\u305f\u3081\u306e\u3088\u308a\u591a\u304f\u306e\u60c5\u5831\u304c\u5f97\u3089\u308c\u307e\u3057\u305f\u3002<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ea\u30b9\u30af\u306b\u306f\u3001RADIUS \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3068 NPS \u306e\u4e21\u65b9\u3078\u306e\u7269\u7406\u7684\u306a\u30a2\u30af\u30bb\u30b9\u304c\u5fc5\u8981\u3067\u3059\u3002\u307e\u305f\u3001RADIUS \u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u304c VPN \u3092\u7d4c\u7531\u3059\u308b\u5834\u5408\u3082\u9069\u7528\u3055\u308c\u307e\u305b\u3093\u3002\u4ee5\u4e0b\u306e 1 \u3064\u4ee5\u4e0a\u306e\u5909\u66f4\u3092\u884c\u3046\u3053\u3068\u3067\u3001UDP \u30d9\u30fc\u30b9\u306e RADIUS \u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316\u3067\u304d\u307e\u3059\u3002\u307e\u305f\u3001NPS \u63a5\u7d9a\u306e\u5931\u6557\u3092\u56de\u907f\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u6e96\u5099\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u3053\u3068:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>\u74b0\u5883\u3092\u4fdd\u8b77\u3059\u308b\u305f\u3081\u306b\u3001\u4ee5\u4e0b\u3092\u6709\u52b9\u306b\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<ul>\n<li>&nbsp;<b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8\u306e&nbsp;<b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002&nbsp;\u3059\u3079\u3066\u306e&nbsp;<b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8\u306b  <b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u304c\u542b\u307e\u308c\u3066\u3044\u308b&nbsp;\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u3001&nbsp;<b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u306f\u30aa\u30d5\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u30aa\u30f3\u306b\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059&nbsp;\u3002<\/li>\n<\/ul>\n<div>  <\/div>\n<ul>\n<li>&nbsp;<b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8\u306e&nbsp;<b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002&nbsp;<b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8\u306b&nbsp;<b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u306e\u691c\u8a3c&nbsp;\u3092\u5f37\u5236\u3059\u308b\u3053\u3068\u3092\u691c\u8a0e\u3057\u3066\u304f\u3060\u3055\u3044\u3002&nbsp;\u3053\u306e\u5c5e\u6027\u304c\u306a\u3044  <b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8\u306f\u51e6\u7406\u3055\u308c\u307e\u305b\u3093\u3002\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u3001&nbsp;<b>Access-Request \u30e1\u30c3\u30bb\u30fc\u30b8\u306b\u306f message-authenticator \u5c5e\u6027<\/b>&nbsp;\u30aa\u30d7\u30b7\u30e7\u30f3\u304c\u542b\u307e\u308c\u3066\u3044\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093 \u306f\u30aa\u30d5\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u30aa\u30f3\u306b\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<div>  <\/div>\n<ul>\n<li>&nbsp;<b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8&nbsp;\u306e&nbsp;<b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002&nbsp;<b>Proxy-State<\/b>&nbsp;\u5c5e\u6027\u304c\u5b58\u5728\u3059\u308b\u5834\u5408\u306f\u3001\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u3001<b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8\u306e&nbsp;<b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u306e\u691c\u8a3c&nbsp;\u3092\u5b9f\u884c\u3067\u304d\u306a\u3044\u5834\u5408\u306f\u3001&nbsp;<b>limitProxyState<\/b>&nbsp;\u8a2d\u5b9a\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002\u3053\u306e\u69cb\u6210\u3067\u306f\u3001<b>Proxy-State<\/b>&nbsp;\u5c5e\u6027\u3092\u542b\u3080&nbsp;<b>Access-Request<\/b>&nbsp;\u30d1\u30b1\u30c3\u30c8\u306b  <b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u3082\u542b\u307e\u308c\u3066\u3044\u308b&nbsp;\u3053\u3068\u304c&nbsp;\u691c\u8a3c\u3055\u308c\u307e\u3059\u3002\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u3001&nbsp;<b>limitproxystate<\/b>&nbsp;\u5c5e\u6027\u306f\u30aa\u30d5\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u5c5e\u6027\u3092\u30aa\u30f3\u306b\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<div>  <\/div>\n<ul>\n<li>&nbsp;RADIUS \u5fdc\u7b54\u30d1\u30b1\u30c3\u30c8 (&nbsp;<b>Access-Accept<\/b>\u3001&nbsp;<b>Access-Reject<\/b>\u3001&nbsp;&nbsp;<b>Access-Challenge<\/b>) \u306e  <b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002&nbsp;<b>requireMsgAuth<\/b>&nbsp;\u8a2d\u5b9a\u3092\u6709\u52b9\u306b\u3057\u3066&nbsp;\u3001<b>Message-Authenticator<\/b>&nbsp;\u5c5e\u6027\u304c\u306a\u3044&nbsp;\u30ea\u30e2\u30fc\u30c8\u30fb\u30b5\u30fc\u30d0\u304b\u3089\u306e RADIUS \u5fdc\u7b54\u30d1\u30b1\u30c3\u30c8\u306e\u30c9\u30ed\u30c3\u30d7\u3092\u5f37\u5236\u3057\u307e\u3059\u3002\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u3001&nbsp;<b>requiremsgauth<\/b>&nbsp;\u5c5e\u6027\u306f\u30aa\u30d5\u306b\u8abf\u6574\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u5c5e\u6027\u3092\u30aa\u30f3\u306b\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<div>  <\/div>\n<div>\u3053\u308c\u3089\u3092\u9069\u7528\u3059\u308b\u305f\u3081\u306e\u8a73\u7d30\u306a\u30ac\u30a4\u30c0\u30f3\u30b9\u306b\u3064\u3044\u3066\u306f\u3001 <a href=\"https:\/\/support.microsoft.com\/topic\/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5040268<\/a>\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u4ee5\u4e0b\u306e\u300c\u8ffd\u52a0\u60c5\u5831\u300d\u30bb\u30af\u30b7\u30e7\u30f3\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div>  <\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831:<\/b>&nbsp;<\/div>\n<div>  <\/div>\n<div>\u3053\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ea\u30b9\u30af\u3068 NPS \u306e\u554f\u984c\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u4ee5\u4e0b\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66\" rel=\"noopener noreferrer\" target=\"_blank\">KB5040268: CVE-2024-3596 \u306b\u95a2\u9023\u3059\u308b   Access-Request \u30d1\u30b1\u30c3\u30c8\u653b\u6483\u306e\u8106\u5f31\u6027\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/kb5043417-radius-authentication-to-nps-might-fail-with-the-july-2024-security-update-and-later-updates-1a9d6cd4-5f8a-40eb-b2d6-f3a11cc0c308\" rel=\"noopener noreferrer\" target=\"_blank\">KB5043417: NPS \u3078\u306e RADIUS   \u8a8d\u8a3c\u306f\u30012024 \u5e74 7 \u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3068\u305d\u308c\u4ee5\u964d\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u5931\u6557\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-3596\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2024-3596<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-top\" rel=\"noopener noreferrer\" target=\"_blank\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30dd\u30ea\u30b7\u30fc \u30b5\u30fc\u30d0\u30fc (NPS)<\/a><\/li>\n<li><a href=\"\/learn.microsoft.com\/windows-server\/networking\/technologies\/nps\/nps-udp-ports-configure\" rel=\"noopener noreferrer\" target=\"_blank\">\u30e6\u30fc\u30b6\u30fc\u30fb\u30c7\u30fc\u30bf\u30b0\u30e9\u30e0\u30fb\u30d7\u30ed\u30c8\u30b3\u30eb (UDP)<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC863964 | Protect against security risks and NPS connection failures that affect RADIUS server environments C [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7809","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/7809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=7809"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/7809\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=7809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=7809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=7809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}