2026年4月8日の
セキュリティ情報

Subject: [Security Notice] Caution Regarding Suspicious Files

Hi everyone,

Our security team has identified a threat where attackers use malicious files to gain unauthorized administrator access to Windows computers.

How you can help:
1. Do not open attachments from unknown senders or files downloaded from untrusted sources, especially those with the .msc extension.
2. Please apply any pending Windows Updates as soon as they become available on your device.

If you notice any unusual activity on your computer, please report it to the IT helpdesk immediately. We appreciate your prompt cooperation.

件名: 【脆弱性対応】Microsoft MMCにおける特権昇格の脆弱性 (CVE-2025-26633)

お疲れさまです。標記の脆弱性に関する情報共有です。

■ 概要
Microsoft Management Console (MMC) の脆弱性 (CVE-2025-26633) を利用し、悪意のある .msc ファイルを実行させることで、攻撃者がローカル管理者アカウントを任意に作成できる問題です。CVSS 7.8 (High) とされており、Water Gamayun APT 等の脅威アクターによる実環境での悪用が報告されています。

■ 影響範囲
- Windows 10 (全エディション)
- Windows 11 (全エディション)
- Windows Server 2016, 2019, 2022, 2025

■ 対応手順
1. 2025年3月の Microsoft パッチ (KB5053602 以降) が適用されているか確認してください。
2. 未適用の端末に対し、優先的に Windows Update を実施してください。
3. エンドポイント保護製品にて、不審な .msc ファイルの実行や、不自然なローカルアカウント作成のログを監視してください。

■ 参考情報
- CVE-2025-26633
- Exploit-DB EDB-ID: 52498

対応優先度: 高（速やかなパッチ適用を推奨）

Subject: [Action Required] Local Privilege Escalation in Microsoft MMC (CVE-2025-26633)

Dear IT Administration Team,

We are sharing critical information regarding a vulnerability in the Microsoft Management Console (MMC).

■ Overview
CVE-2025-26633 allows an attacker to create a local administrator account via a specially crafted .msc file. With a CVSS score of 7.8 (High), this vulnerability is being actively exploited in the wild by threat actors such as Water Gamayun APT.

■ Affected Scope
- Windows 10 (All editions)
- Windows 11 (All editions)
- Windows Server 2016, 2019, 2022, 2025

■ Mitigation Steps
1. Verify the installation of the March 2025 Microsoft security updates (KB5053602 or later).
2. Prioritize the deployment of these updates to all unpatched systems.
3. Monitor EDR/SIEM logs for the execution of suspicious .msc files or unauthorized local account creation.

■ Reference
- CVE-2025-26633
- Exploit-DB EDB-ID: 52498

Priority: High (Prompt patching is strongly recommended)

Subject: [Action Required] Heap Overflow Vulnerability in SQLite (winsqlite3.dll) on Windows Server

Hi all,

This is a security advisory regarding a critical vulnerability affecting Windows Server environments.

■ Overview
A heap overflow vulnerability (CVE-2025-6965) has been identified in SQLite versions prior to 3.50.2 (specifically winsqlite3.dll). With a CVSS score of 7.2 (High), this flaw can be triggered by executing queries containing a large number of aggregate functions, leading to memory corruption.

■ Scope of Impact
- Affected Systems: Windows Server instances (including 2022 and 2025) utilizing winsqlite3.dll.
- Impacted Services: Active Directory, Group Policy, Certificate Services, and Azure AD Connect.
- Potential Risk: Service crashes (DoS) and potential Remote Code Execution (RCE), which could lead to the compromise of Domain Controllers.

■ Remediation Steps
1. Apply the latest Windows Cumulative Update (released July 2025 or later).
2. Alternatively, upgrade SQLite to version 3.50.2 or higher.

■ Reference
- CVE-2025-6965
- SQLite Official: https://www.sqlite.org

Priority: High (Prompt remediation is strongly recommended)

Subject: [Action Required] Please update your Google Chrome browser

Hi everyone,

A security vulnerability has been identified in Google Chrome. If left unpatched, this could potentially allow attackers to compromise your system via malicious websites.

What we need you to do:
1. Update Google Chrome to the latest version.
2. You can do this by clicking the three dots (︙) in the top right corner → Help → About Google Chrome. The update will start automatically.

Please prioritize this update as soon as practical.

件名: 【脆弱性対応】NEC Aterm、Google Chrome、NetScaler、F5 BIG-IP等の複数製品における脆弱性について

お疲れさまです。脆弱性情報に関する共有です。

■ 概要
JPCERT/CCの週報にて、NEC Atermシリーズ、WatchGuard Firebox、Google Chrome、NetScaler ADC/Gateway (CVE-2026-3055)、F5 BIG-IP (CVE-2025-53521) 等の複数の製品に深刻な脆弱性が報告されています。リモートコード実行や不正アクセス、パストラバーサル等のリスクが含まれています。

■ 影響範囲
- NEC Atermシリーズ（機種により異なる）
- WatchGuard Firebox (Fireware OS Web UI)
- Google Chrome
- NetScaler ADC / NetScaler Gateway
- F5 BIG-IP Access Policy Manager

■ 対応手順
1. 社内で利用している上記製品の資産リストを確認してください。
2. 各ベンダーが提供する最新の修正済みパッチまたはファームウェアを適用してください。
3. 適用後、正常に動作することを確認してください。

■ 参考情報
- JPCERT/CC 週報: https://www.jpcert.or.jp/wr/
- NEC Aterm セキュリティ情報: https://jpn.nec.com/security-info/secinfo/nv26-001.html

対応優先度: 高（速やかな対応を推奨）

Subject: [Security Advisory] Multiple Vulnerabilities in NEC Aterm, Google Chrome, NetScaler, and F5 BIG-IP

Hi all,

This is a notification regarding several critical vulnerabilities reported in the latest JPCERT/CC weekly report.

■ Overview
Multiple vulnerabilities have been identified across various products, including NEC Aterm series, WatchGuard Firebox, Google Chrome, NetScaler ADC/Gateway (CVE-2026-3055), and F5 BIG-IP (CVE-2025-53521). These flaws could lead to remote code execution, unauthorized data access, and path traversal.

■ Scope
- NEC Aterm series (varies by model)
- WatchGuard Firebox (Fireware OS Web UI)
- Google Chrome
- NetScaler ADC / NetScaler Gateway
- F5 BIG-IP Access Policy Manager

■ Remediation Steps
1. Identify all instances of the affected products within the corporate environment.
2. Apply the latest security patches or firmware updates provided by the respective vendors.
3. Verify system stability after the updates.

■ Reference
- JPCERT/CC Weekly Report: https://www.jpcert.or.jp/wr/
- NEC Aterm Security Info: https://jpn.nec.com/security-info/secinfo/nv26-001.html

Priority: High (Prompt action is recommended)

Subject: [Action Required] Zero-Day Exploitation by Storm-1175 and Medusa Ransomware Deployment

Dear IT Administration Team,

This is a security advisory regarding the activities of the threat actor known as Storm-1175.

■ Overview
Storm-1175, a sophisticated group linked to the Chinese government, is exploiting zero-day vulnerabilities, including CVE-2025-10035, to deploy Medusa ransomware. The group is known for an extremely aggressive attack tempo, often compromising internal networks and deploying ransomware within 24 hours of initial entry using vulnerability chaining techniques.

■ Scope of Impact
- Microsoft Exchange Servers
- Oracle WebLogic instances
- Linux systems
- Systems vulnerable to CVE-2025-10035

■ Recommended Actions
1. Promptly apply security patches for CVE-2025-10035 and all critical updates for MS Exchange and Oracle WebLogic.
2. Monitor for the unauthorized execution of tools frequently used for data exfiltration, such as Rclone and Bandizip.
3. Audit endpoint security configurations (e.g., Microsoft Defender) to ensure no unauthorized exclusions have been added to bypass detection.

■ Reference
- Microsoft Threat Intelligence
- CVE-2025-10035 Official Advisory

Priority: High (Prompt action is strongly recommended)

Subject: [Action Required] Critical Vulnerabilities in Movable Type

Hi all,

This is a security advisory regarding critical vulnerabilities discovered in Movable Type.

■ Overview
Two severe vulnerabilities have been identified in the listing framework of Movable Type. Specifically, CVE-2026-25776 allows unauthenticated remote code execution (RCE) with a CVSS v4.0 score of 9.3. Additionally, CVE-2026-33088 is a SQL injection vulnerability that could lead to unauthorized data access or tampering.

■ Scope
- Movable Type / Movable Type Premium
- Multiple versions, including EOL (End-of-Life) versions

■ Remediation Steps
1. Identify the current version of Movable Type deployed in your environment.
2. Apply the latest security patches provided by Six Apart promptly.
- Patched versions include: 9.1.1 / 9.0.7 / 8.8.3 / 8.0.10 / 2.15, etc.

■ Reference
- Six Apart Official Advisory
- JVN (Japan Vulnerability Notes)

Priority: High (Prompt update is strongly recommended)