2026年6月19日の
セキュリティ情報

Subject: [Security Advisory] Microsoft Defender Privilege Escalation (CVE-2026-50656)

Dear IT/Security Team,

We are sharing information regarding a confirmed zero-day vulnerability in Microsoft Defender.

■ Overview
A race condition vulnerability (CVE-2026-50656, CVSS 7.8) has been identified in the Microsoft Malware Protection Engine. This flaw allows an attacker to escalate privileges to the SYSTEM level, enabling the execution of arbitrary code with the highest permissions.

■ Scope
- Windows 10 and Windows 11 systems running Microsoft Defender
- Confirmed to affect systems updated with the June 2026 Patch Tuesday updates

■ Action Plan
1. Monitor official Microsoft security channels for the release of the security update for CVE-2026-50656.
2. Deploy the patch across all affected endpoints immediately upon release.

■ Reference
- CVE-2026-50656

Priority: High
Deadline: Immediately upon patch availability

Subject: [Security Advisory] Cisco ISE CVE-2026-20181 Remediation

Dear Team,

We are sharing information regarding a critical vulnerability in Cisco ISE.

■ Overview
A critical command execution vulnerability (CVE-2026-20181, CVSS 9.1) has been identified in Cisco Identity Services Engine (ISE) and ISE-PIC. An authenticated attacker with administrative privileges can execute arbitrary commands on the underlying OS, potentially gaining full root access.

■ Scope
- Cisco Identity Services Engine (ISE)
- Cisco ISE-PIC

■ Remediation Steps
1. Verify the current version of ISE/ISE-PIC in use.
2. Apply the latest security patches provided by Cisco to mitigate this vulnerability.

■ Reference
- Cisco Official Security Advisory

Priority: High
Deadline: Immediate

Subject: [Security Advisory] Ubiquiti Product Vulnerabilities

Dear IT Administration Team,

This is a notification regarding security vulnerabilities identified in Ubiquiti products.

■ Overview
Multiple vulnerabilities have been discovered in UID Enterprise Agent and UniFi OS-based devices. These flaws could allow a network attacker to bypass authentication, disclose sensitive information, execute arbitrary code, and escalate privileges.

■ Affected Scope
- UID Enterprise Agent: versions up to and including 1.61.3
- UniFi OS: versions up to and including 5.1.12
- UniFi OS Server: versions up to and including 5.0.8
- UDM-Beast: versions up to and including 5.1.11
- UNAS: versions up to and including 5.1.10
- Express: versions up to and including 4.0.14

■ Mitigation Steps
1. Identify the current versions of Ubiquiti devices in your environment.
2. Apply the latest security patches provided by the vendor to update to the fixed versions.

■ Reference
- Ubiquiti Official Security Bulletins

Priority: High
Deadline: Immediate

Subject: [Security Advisory] NGINX Vulnerability Remediation

Dear IT/Security Team,

This is a notification regarding high-severity vulnerabilities identified in NGINX products.

■ Overview
Two high-severity vulnerabilities have been reported in NGINX that could lead to a Denial of Service (DoS), resulting in service disruption or performance degradation.

■ Affected Scope
- NGINX Open Source: 1.30.0 - 1.30.2, 1.31.0 - 1.31.1
- NGINX Plus: 37.0.0 - 37.0.1, R33 - R36 (prior to R36 P6)
- NGINX Instance Manager: 2.17.0 - 2.22.0
- NGINX Gateway Fabric: 1.3.0 - 1.6.2, 2.0.0 - 2.6.3
- NGINX Ingress Controller: 3.5.0 - 3.7.2, 4.0.0 - 4.0.1, 5.0.0 - 5.5.0
- F5 WAF / App Protect / DoS per NGINX: various 4.x - 5.x

■ Remediation Steps
1. Identify the NGINX products and versions currently in use within the environment.
2. Update the affected products to the latest patched versions as per the vendor's guidance.

■ Reference
- Official NGINX Security Advisory

Priority: High
Deadline: Immediate

Subject: [Action Required] Update your Firefox Browser and Thunderbird Email Client

Dear employees,

Security vulnerabilities have been identified in Mozilla Firefox and Thunderbird. If left unpatched, these could potentially allow attackers to execute unauthorized code on your system.

Please take the following actions:
1. Open Firefox and Thunderbird and update them to the latest available version.
2. Restart the applications to ensure the updates are applied.

Deadline: End of today

件名: 【共有】Mozilla製品（Firefox/Thunderbird）の脆弱性対応について

お疲れさまです。Mozilla製品のセキュリティアップデートに関する情報共有です。

■ 概要
FirefoxおよびThunderbirdにおいて、重要度「高」の脆弱性が16件修正されました。影響は任意のコード実行 (ACE)、セキュリティ制限のバイパス、権限昇格に及びます。

■ 影響範囲
- Mozilla Firefox 152未満
- Firefox ESR 140.12未満 / 115.37未満
- Firefox for iOS 152.0未満
- Thunderbird 152未満 / 140.12未満

■ 対応手順
1. 各エンドポイントで最新バージョンへのアップデートを強制適用、またはユーザーに更新を促す。
2. 組織的にバージョン管理を行っている場合は、上記修正バージョンへの移行を確認する。

■ 参考情報
- Mozilla公式セキュリティアドバイザリ

対応優先度: 高
対応期限: 速やかに

Subject: [Technical Alert] Mozilla Firefox and Thunderbird Security Updates

Dear IT Security Team,

Mozilla has released critical security updates addressing 16 high-severity vulnerabilities across its product suite.

■ Overview
Fixed vulnerabilities include Arbitrary Code Execution (ACE), Security Restrictions Bypass, and Privilege Escalation.

■ Affected Versions
- Mozilla Firefox: < 152
- Firefox ESR: < 140.12 / < 115.37
- Firefox for iOS: < 152.0
- Thunderbird: < 152 / < 140.12

■ Mitigation Steps
1. Ensure all managed endpoints are updated to the latest versions.
2. Verify the deployment of patches across the organization's browser and email client fleet.

■ Reference
- Mozilla Official Security Advisory

Priority: High
Deadline: Immediate