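On April 8 (local time), as part of the monthly updates it ships on the second Tuesday of each month (US time), Microsoft released cumulative updates including KB5055523 for Windows 11 Version 24H2.
The updates mainly improve system quality and fix security issues.
They install automatically, but can also be installed manually through Windows Update or the Microsoft Update Catalog.
The changes in each update are listed below (details of the security updates are available on the Microsoft Japan blog).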
April 8, 2025—KB5055523 (OS Build 26100.3775)
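In addition to the contents of KB5053656, published on March 27, the KB5055523 update for Windows 11 Version 24H2 fixes a user authentication issue that occurred particularly when Credential Guard was enabled in environments using Kerberos. It also adds support for the daylight saving time change in the Aysen region of Chile and addresses an issue affecting the PcaUiArmUpdate feature.
The release notes are as follows.
Highlights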
This update addresses security issues for your Windows operating system.
Improvements and fixes
[Authentication] This update addresses an issue affecting machine password rotation in the Identity Update Manager certificate/Public Key Cryptography for Initial Authentication (PKINIT) path. This issue occurred particularly when Kerberos was used and Credential Guard was enabled, potentially causing user authentication problems. The feature Machine Accounts in Credential Guard, which is dependent on password rotation via Kerberos, has also been disabled, until a permanent fix is made available.
[Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more info about DST changes, see the Daylight Saving Time & Time Zone Blog.
[PcaUiArm] This update addresses an issue affecting the PcaUiArmUpdate feature, which results in unexpected behavior in specific scenarios.
Known issues
The update has the following three known issues.
Roblox (All users)
Symptom: We’re aware of an issue where players on Arm devices are unable to download and play Roblox from the Microsoft Store on Windows.
Workaround: Roblox is working on a resolution to address this issue. Please refer to the Roblox support site for updates. Until the resolution is available, players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
Citrix (All users)
Symptom: Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024.
Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device.
This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.
Workaround: Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation.
Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
Windows Hello (All users)
Symptoms: We're aware of an edge case of Windows Hello issue affecting devices with specific security features enabled. After installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN. Users might observe a Windows Hello Message saying "Something happened and your PIN isn't available. Click to set up your PIN again" or "Sorry something went wrong with face setup".
Note: This issue only affects devices where System Guard Secure Launch or Dynamic Root of Trust for Measurement (DRTM) feature is enabled after installing this update. Devices with Secure Launch or DRTM enabled prior to this update, or those with these features disabled, are not impacted by this issue.
Workaround:
To login using PIN, follow the Set my PIN prompt on the logon screen to re-enroll into Windows Hello.
To use Face Logon, re-enroll in Windows Hello Facial recognition: go to Settings > Accounts > Sign-in options > Facial recognition (Windows Hello), and select Set up. Follow the on-screen instructions.
In addition to Windows Update, the update can be installed through the Microsoft Update Catalog and Windows Server Update Services (WSUS).
April 8, 2025—KB5055528 (OS Builds 22621.5189 and 22631.5189)
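The KB5055528 update for Windows 11 Version 23H2/22H2 adds support for the daylight saving time change in the Aysen region of Chile and makes miscellaneous security improvements to internal OS functionality.
The release notes are as follows.
Highlights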
[Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more info about DST changes, see the Daylight Saving Time & Time Zone Blog.
Improvements and fixes
This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
Known issues
The update has the following two known issues.
Citrix (All users)
Symptom: Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024.
Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device.
This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.
Workaround: Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation.
Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
Active Directory Group Policy: Events in local policy
Symptom: Audit Logon/Logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with Security Setting of "No auditing".
This issue might only manifest as a reporting inconsistency. It’s possible that logon events are correctly being audited on the device. However, the “Audit logon events” policy will reflect that this is not the case. Home users are unlikely to be affected by this issue, as logon auditing is generally only necessary in enterprise environments.
Workaround: Adjustments to the Windows registry will prevent this issue.
Important: This workaround contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows.
Open the Windows registry editor and navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Audit\SystemPolicy\LogonLogoff\AccessRights
Right-click AccessRights > Permissions, select Advanced. Then, change owner to Administrators, check Replace owner on subcontainers and objects, select Apply and OK.
In the Permissions window, select Administrators, check Full Control under “Allow”, select Apply and OK.
Modify the GUID key to the following value:
{0CCE924B-69AE-11D9-BED3-505054503030}
Enable the subcategory with the correct GUID using the following command (open a Run dialog, then type the following command and press enter):
auditpol /set /subcategory:{0CCE924B-69AE-11D9-BED3-505054503030} /success:enable /failure:enable
Reverse the permission changes: Right-click AccessRights > Permissions, select Advanced. Then, change owner to "NT SERVICE\TrustedInstaller", check Replace owner on subcontainers and objects, select Apply and OK.
In the Permissions window, select Administrators, check Read under “Allow”, select Apply and OK.
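Because the symptom is described as a possible reporting inconsistency, it helps to check the effective audit setting and the registry value directly instead of relying on the policy editors. The following read-only PowerShell check is an added example, not part of Microsoft's release notes or the original article. It assumes an elevated session and that the "GUID key" in the steps above is a registry value named GUID; the function names are hypothetical.

```powershell
# Added example: read-only verification, run from an elevated PowerShell session.
$ExpectedGuid = '{0CCE924B-69AE-11D9-BED3-505054503030}'   # GUID given in the workaround
$KeyPath      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Audit\SystemPolicy\LogonLogoff\AccessRights'
$ValueName    = 'GUID'   # assumption: the "GUID key" is a value with this name

function Get-RegistryGuidState {
    # Compare the stored value with the GUID the workaround asks for.
    $item   = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $actual = if ($item) { [string]$item.$ValueName } else { $null }
    [pscustomobject]@{
        Present = [bool]$item
        Actual  = $actual
        Matches = ($actual -eq $ExpectedGuid)   # string -eq is case-insensitive
    }
}

function Get-EffectiveAuditSetting {
    # "auditpol /get ... /r" prints CSV: one header row, then one row per subcategory.
    $raw = & auditpol.exe /get "/subcategory:$ExpectedGuid" /r 2>&1
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed (elevated session required?): $raw" }
    $raw | Where-Object { $_ -match '\S' } | Select-Object -Skip 1 |
        ConvertFrom-Csv -Header Machine, Target, Subcategory, Guid, Inclusion, Exclusion |
        Where-Object { $_.Guid.Trim('{}') -eq $ExpectedGuid.Trim('{}') }
}

$reg = Get-RegistryGuidState
$pol = Get-EffectiveAuditSetting

[pscustomobject]@{
    RegistryValuePresent = $reg.Present
    RegistryGuid         = $reg.Actual
    RegistryGuidMatches  = $reg.Matches
    Subcategory          = $pol.Subcategory
    EffectiveSetting     = $pol.Inclusion   # e.g. the success/failure state auditpol reports
} | Format-List
```

Running it before and after the workaround shows whether the registry value and the setting reported by auditpol changed, independently of what the Local Group Policy Editor displays.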
Next Steps
Microsoft is working on a resolution and will provide more information when it is available.
In addition to Windows Update, the update can be installed through the Microsoft Update Catalog and Windows Server Update Services (WSUS).