2026年4月23日の
セキュリティ情報

Subject: [Security Advisory] Widespread Attacks by "The Gentlemen" Ransomware Group

Dear IT Administration Team,

We are sharing critical information regarding a widespread campaign by the ransomware group known as "The Gentlemen."

■ Overview
It has been reported that "The Gentlemen" have infected over 1,570 corporate networks using SystemBC C2 servers. The attackers utilize a Go-based locker targeting multiple operating systems (Windows, Linux, NAS, BSD). They employ sophisticated tactics, including the use of PowerShell scripts to disable Windows Defender and the exploitation of Group Policy Objects (GPO) to gain full domain control.

■ Scope of Impact
- Environments running Windows, Linux, NAS, or BSD
- Domain environments utilizing Active Directory (GPO)

■ Recommended Actions
1. Enhance monitoring of GPO changes to detect unauthorized policy modifications.
2. Tighten PowerShell execution policies to restrict the running of unauthorized scripts.
3. Implement detection rules for SystemBC C2 communication patterns within your IDS/IPS and EDR.
4. Verify the integrity of EDR real-time monitoring settings to ensure they have not been disabled.

■ Reference
- Check Point Research

Priority: High (Prompt action is highly recommended)

Subject: [Action Required] Security Update for Windows Event Log Analysis Tool "LogonTracer"

Hi all,

This is a security advisory regarding vulnerabilities discovered in the Windows event log analysis tool "LogonTracer."

■ Overview
Multiple vulnerabilities have been identified in LogonTracer. Specifically, CVE-2026-33277 is a critical OS command injection vulnerability (CVSS v3.0: 8.8) that allows logged-in users to execute arbitrary OS commands. Additionally, CVE-2026-33566 allows for database tampering when loading specially crafted event log data.

■ Scope
- Product: LogonTracer
- Fixed Version: v2.0.0 and later

■ Remediation Steps
1. Verify the current version of LogonTracer in use within your environment.
2. Promptly update the tool to the latest version (v2.0.0 or newer) to mitigate these risks.

■ Reference
- GitHub: JPCERTCC/LogonTracer
- JPCERT Coordination Center PR

Priority: High (Prompt update is strongly recommended)

Subject: [Action Required] Security Update for GitLab - Multiple Vulnerabilities Fixed

Hi all,

This is a security advisory regarding critical updates for GitLab.

■ Overview
GitLab has released security updates to address 11 vulnerabilities in both Community Edition (CE) and Enterprise Edition (EE). Three of these are rated as "High" severity, including CSRF in the GraphQL API (CVE-2026-4922), arbitrary JavaScript execution in the Web IDE (CVE-2026-5816), and XSS in the Storybook environment (CVE-2026-5262). The highest CVSS v3.1 base score is 8.1.

■ Affected Scope
- GitLab Community Edition (CE)
- GitLab Enterprise Edition (EE)

■ Remediation Steps
1. Verify the current version of your GitLab installation.
2. Update to one of the following patched versions promptly:
- 18.11.1
- 18.10.4
- 18.9.6

■ Reference
- GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6

Priority: High (Prompt update is highly recommended)

Subject: [Action Required] Critical Vulnerability in Firebird SQL (CVE-2026-40342)

Hi all,

This is a security advisory regarding a critical vulnerability identified in Firebird SQL.

■ Overview
A path traversal vulnerability (CVE-2026-40342) has been discovered in the Firebird relational database. If an attacker possesses the privileges to execute "CREATE FUNCTION," they can force the server to load an arbitrary library file, potentially leading to remote code execution (RCE). This vulnerability has been assigned a CVSSv3.1 base score of 9.9 (Critical).

■ Affected Scope
- Firebird SQL versions prior to the patched releases.

■ Remediation Steps
1. Verify the current version of Firebird SQL in use across your environments.
2. Promptly update to the patched versions: Firebird 5.0.4, 4.0.7, or 3.0.14.
3. Review and restrict SQL execution privileges, specifically the "CREATE FUNCTION" permission, to ensure the principle of least privilege is applied.

■ Reference
- GitHub: FirebirdSQL/firebird

Priority: High (Prompt action is strongly recommended)

Subject: [Action Required] Please Update Your Windows Security

Hi everyone,

A high-severity vulnerability has been identified in Microsoft Defender that could allow attackers to gain unauthorized access to your system.

What we need you to do:
1. Run Windows Update and install all available security patches.
2. Restart your computer to ensure the updates are fully applied.

Please prioritize this update to keep your device secure.

件名: 【脆弱性対応】Microsoft Defenderの権限昇格の脆弱性（CVE-2026-33825）について

お疲れさまです。標記の脆弱性に関する情報共有です。

■ 概要
Microsoft Defenderにおける権限昇格の脆弱性（通称：BlueHammer / CVE-2026-33825）が報告されました。アクセス制御の不備により、低権限のローカル攻撃者がSYSTEM権限を取得される恐れがあります。既にゼロデイ攻撃として悪用されていることが確認されており、CISAも米政府機関に迅速なパッチ適用を命じています。

■ 影響範囲
- Microsoft Defender を搭載した Windows システム

■ 対応手順
1. 2026年4月14日にリリースされたセキュリティ更新プログラムを適用してください。
2. 併せて報告されている関連脆弱性（RedSun, UnDefend）への対策状況を確認してください。

■ 参考情報
- CISA / Microsoft Security Response Center (MSRC)

対応優先度: 高（速やかな対応を推奨）

Subject: [Security Advisory] Privilege Escalation Vulnerability in Microsoft Defender (CVE-2026-33825)

Hi all,

This is a notification regarding a critical vulnerability in Microsoft Defender.

■ Overview
A high-severity privilege escalation flaw, dubbed "BlueHammer" (CVE-2026-33825), has been identified. This vulnerability allows a low-privileged local attacker to gain SYSTEM permissions due to insufficient granularity of access control. This flaw has been exploited as a zero-day, prompting CISA to order immediate patching for federal agencies.

■ Scope
- Windows systems utilizing Microsoft Defender

■ Mitigation Steps
1. Deploy the security updates released on April 14, 2026.
2. Verify the status of other related flaws mentioned in the report (RedSun and UnDefend).

■ Reference
- CISA / Microsoft Security Response Center (MSRC)

Priority: High (Prompt remediation is recommended)