Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-28314

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2023-28301

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

CVE-2023-28304

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-28284

April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.

Tuesday, April 11, 2023 15:04

Microsoft released its monthly round of security updates and patches today, continuing its trend of fixing zero-day vulnerabilities on Patch Tuesday.

April's security update includes one vulnerability that’s actively being exploited in the wild. There are also eight critical vulnerabilities and the remaining 90 are considered “important.”

CVE-2023-28252, an elevation of privilege vulnerability in the Windows Common Log File System Driver, is actively being exploited in the wild, according to Microsoft, though proof of concept code is not currently available. An adversary could exploit this vulnerability to gain SYSTEM privileges.

The U.S. Cybersecurity and Infrastructure Security Agency already added the vulnerability to its list of know exploited issues and urged federal agencies to patch it as soon as possible.

Microsoft disclosed a similar zero-day issue in September that could also lead to the same privileges: CVE-2022-37969. April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.

Two of the critical vulnerabilities Microsoft also patched are in the Layer 2 Tunneling Protocol: CVE-2023-28219 and CVE-2023-28220. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution on the RAS server machine. These vulnerabilities do not require any user interaction to be exploited, but the adversary would need to win a race condition to be successful.

One of the most severe issues is CVE-2023-21554, a remote code execution vulnerability in the Microsoft Message queuing system. Microsoft considers exploitation of this vulnerability to be “more likely,” and it received a CVSS severity score of 9.8 out of 10. Users who want to check to see if they’re being targeted by the exploitation of this vulnerability can run a check to see if there’s a service named “Message Queuing” on their machine, and if TCP port 1801 is listening on the machine.

CVE-2023-28231, a remote code execution vulnerability on the DHCP server service, is also considered “more likely” to be exploited. An attacker could exploit this vulnerability by sending a specially crafted RCP call to the targeted DHCP server. However, the adversary first must gain access to the restricted network.

There are four other critical vulnerabilities, though Microsoft considers them “less likely” to be exploited:

*   CVE-2023-28232: Windows Point-to-Point Tunneling Protocol remote code execution vulnerability

*   CVE-2023-28240: Windows Network Load Balancing remote code execution vulnerability    
    CVE-2023-28250: Windows Pragmatic General Multicast (PGM) remote code execution vulnerability
*   CVE-2023-28291: Raw Image Extension remote code execution vulnerability

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 61606, 61607 and 61613 - 61620. There are also Snort 3 rules 300496, 300499 and 300500.

Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities

Azure admins are urged to disable shared key access and implement Azure Active Directory authentication.

Abuse of shared key authorizations, a default on Azure storage accounts, could allow a threat actor to steal higher privileged access tokens, move laterally throughout the network, and execute remote code, aka RCE.

Researchers at Orca were able to demonstrate how an attacker could breach Microsoft Storage Accounts, but Microsoft's Security Response Center (MSRC) chalked it up to a misconfiguration rather than a vulnerability. MRSC did offer guidance to users to appropriately configure Azure Functions and "effectively deploy environments with the least privilege." The company said it is planning to address the issue as part of its regular "experience improvements."

Orca researchers urge IT teams to take the issue seriously, and added that even though Microsoft doesn't consider the potential privilege escalation a vulnerability, "This does not mean that it is less dangerous," Orca's report said. "Actually, it should be considered even more dangerous since there is no straightforward 'fix'."

Administrators are advised by Microsoft to:

1.  Review user permissions to ensure least-privilege access
2.  Monitor logs for account key access
3.  Consider using a storage account dedicated to application code blob storage
4.  Enable Microsoft Defender for Cloud (MDC) on storage accounts

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Microsoft Azure Shared Key Misconfiguration Could Lead to RCE

A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code.
"It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and

Cloud Security / Data Security

A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code.

"It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and execute remote code (RCE)," Orca said in a new report shared with The Hacker News.

The exploitation path that underpins this attack is a mechanism called Shared Key authorization, which is enabled by default on storage accounts.

According to Microsoft, Azure generates two 512-bit storage account access keys when creating a storage account. These keys can be used to authorize access to data via Shared Key authorization, or via SAS tokens that are signed with the shared key.

"Storage account access keys provide full access to the configuration of a storage account, as well as the data," Microsoft notes in its documentation. "Access to the shared key grants a user full access to a storage account's configuration and its data."

The cloud security firm said these access tokens can be stolen by manipulating Azure Functions, potentially enabling a threat actor with access to an account with Storage Account Contributor role to escalate privileges and take over systems.

Specifically, should a managed identity be used to invoke the Function app, it could be abused to execute any command. This, in turn, is made possible owing to the fact that a dedicated storage account is created when deploying an Azure Function app.

"Once an attacker locates the storage account of a Function app that is assigned with a strong managed identity, it can run code on its behalf and as a result acquire a subscription privilege escalation (PE)," Orca researcher Roi Nisimi said.

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter - Proven Strategies

Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!

Don't Miss Out – Save Your Seat!

In other words, by exfiltrating the access-token of the Azure Function app's assigned managed identity to a remote server, a threat actor can elevate privileges, move laterally, access new resources, and execute a reverse shell on virtual machines.

"By overriding function files in storage accounts, an attacker can steal and exfiltrate a higher-privileged identity and use it to move laterally, exploit and compromise victims' most valuable crown jewels," Nisimi explained.

As mitigations, it's recommended that organizations consider disabling Azure Shared Key authorization and using Azure Active Directory authentication instead. In a coordinated disclosure, Microsoft said it "plans to update how Functions client tools work with storage accounts."

"This includes changes to better support scenarios using identity. After identity-based connections for AzureWebJobsStorage are generally available and the new experiences are validated, identity will become the default mode for AzureWebJobsStorage, which is intended to move away from shared key authorization," the tech giant further added.

The findings arrive weeks after Microsoft patched a misconfiguration issue impacting Azure Active Directory that made it possible to tamper with Bing search results and a reflected XSS vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers

Your iPhone, iPad, and Mac now have a built-in password feature, complete with two-factor authentication.

Most people don't use a password manager or two-factor authentication—even people who know it's a good idea—because installing and managing _yet another app_ just sounds exhausting. Well, if you're an Apple user, you don't need another app anymore: Your device can manage your passwords and generate two-factor authentication codes for you, and you can even sync them with a Windows computer.

Password managers are important. Why? To quickly summarize, using the same password for every website and app is an open invitation for hackers to access all of your accounts. That's because passwords regularly leak, and a leaked password on one site can give hackers access to all your other accounts if you use the same password everywhere. It's best, then, to use a totally different password on every site, but no human being can remember that many passwords.

Password managers are the best solution we have at the moment, because they can generate, and then store, secure passwords for all of your services. Most people don't use one, though, because such apps can be complicated to learn, and the best ones aren't free.

So it's great that Apple offers such functionality. But there's a downside: It's a little buried, if not outright hidden. Still, if you're a Safari user with multiple Apple devices, this feature means you can quickly generate and save secure passwords for all of your accounts. Here's how. Note that you'll need a (free) iCloud account for this service to sync passwords between devices, though if you're an Apple user you almost certainly already have one.

Create Passwords

To get started, you may need to enable the feature, which you can find in System Settings on your device under **Passwords**. Make sure **iCloud Keychain** is turned on. Windows users should also install iCloud for Windows, which can sync your passwords with Chrome or Microsoft Edge.

The simplest way to add passwords to Apple's hidden password manager is to just start using your devices and saving passwords as you go. When you sign into any online account in Safari, or in any app on your iPhone or iPad, there's generally a pop-up asking if you want to save the password in your **iCloud Keychain for AutoFill.** This is the simplest way to add accounts: Just hit the **Save Password** button and your username and password will be saved.

Alternatively, if you're signing up for a new account, you will generally be offered an automatically generated strong password—if not, you can tap the key icon at the top of the keyboard on mobile or in the right side of the password field on desktop. Either way you should see the **Add New Password** option, which can automatically create a strong password for you.

From now on, when you log in to the site, your device will offer to fill out the username and password for you. It will generally use TouchID, FaceID, or your system password to confirm you identity, after which the username and password field will be filled in. This saves you from having to remember the passwords, and even the usernames, you use to log in to websites.

Browse and Edit Your Passwords

You might be wondering _where_, exactly, all of these passwords are saved. Let's head back to **Passwords** in System Settings. Here you will find a list of all the passwords you've saved.

Apple via Justin Pot

At the top of the list is a **Security Recommendations** function, which will cross-reference your saved passwords with known lists of leaked accounts. This is a useful way to know if any of your passwords absolutely need to be changed.

Below that is a search bar, which you can use to quickly find any account. Open an account to see the username, password, and URLs associated with the account. You can also add a note to any account, if you want.

Two-Factor Authentication

We've talked about how two-factor authentication keeps you more secure, but basically it means that a hacker who gets your password won't be able to log in unless they _also_ have physical access to your device. Generally two-factor authentication requires installing _yet another_ app, for generating codes, but Apple devices have this feature built in, and they can even fill in the field for you.

Head back to your list of passwords in the System Settings app. Open any account and you'll see a **Set Up Verification Code** field.

Apple via Justin Pot

Tap this and you can set up two-factor authentication for the application. How to do this depends on the specific service you're setting it up for, but it's generally in the settings of the specific app or website. You'll have a QR code to sign or, alternatively, a long code to copy.

Apple via Justin Pot

After setting this up, your Apple device will automatically offer verification codes for you every time you log in to the service on any of your devices. It's really slick, and it's a lot faster than applications like Authy or Google Authenticator.

Importing and Exporting Passwords

Note that if you have an existing password manager, you can import your passwords to Apple's system. Head back to **Passwords** in the settings app and hit the three-dot button on the right above your list of passwords. Here you will see the option to **Import passwords**.

Apple via Justin Pot

You will need to export your passwords to a CSV file before you can use this functionality. Here are instructions for the leading password managers:

*   1Password
*   LastPass
*   Bitwarden
*   Dashlane
*   Google Chrome

You can also **Export** your Apple passwords to a CSV file from here, allowing you to import them into one of these password managers. We've outlined  the best password managers for you; my personal recommendations are Bitwarden, which is free and open source, and 1Password, which is powerful and free to use.

There's not a lot of reason for the Apple faithful to do this, though. As we've outlined, Apple's password system does most of what these applications can do. The main problem is that they're hidden. 

Recently the blogger Cabel Sasser argued that Apple Passwords needs an app, which is part of why I wrote this guide. I'm not sure if I agree with his premise—I suspect most people would simply ignore any “Passwords” app, the way they ignore most applications that come bundled with their devices. Still, it is true that all of this functionality is pretty buried. I hope this article helps you find it.

How to Use Apple’s New All-In-One Password Manager

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers.
The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary

Software Security / Cryptocurrency

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers.

The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary from a hard-coded server.

The two-stage attack culminates in the deployment of a .NET-based persistent backdoor, called Impala Stealer, which is capable of gaining unauthorized access to users' cryptocurrency accounts.

"The payload used a very rare obfuscation technique, called '.NET AoT compilation,' which is a lot more stealthy than using 'off the shelf' obfuscators while still making the binary hard to reverse engineer," JFrog told The Hacker News in a statement.

.NET AoT compilation is an optimization technique that allows apps to be ahead-of-time compiled to native code. Native AOT apps also have faster startup time and smaller memory footprints, and can run on a machine without .NET runtime installed.

The second-stage payload comes with an auto-update mechanism that enables it to retrieve new versions of the executable from a remote location. It further achieves persistence by injecting JavaScript code into Discord or Microsoft Visual Studio Code apps, thereby activating the launch of the stealer binary.

The binary then proceeds to search for the installation of the Exodus Wallet desktop application and inserts JavaScript code into various HTML files in order to harvest and exfiltrate sensitive data to a hard-coded Discord webhook.

The JavaScript snippet, for its part, is fetched from an online paste website from where it's already been deleted. That said, it's suspected that the code may have been used to steal user credentials and access other information of interest.

"The bad actors used typosquatting techniques to deploy a custom malicious payload \[...\] which targets the Exodus crypto wallet and leaks the victim's credentials to cryptocurrency exchanges, by using code injection," Shachar Menashe, senior director at JFrog Security Research, said.

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter - Proven Strategies

Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!

Don't Miss Out – Save Your Seat!

"Our investigation proves no open source software repository is completely trust-worthy, so safety measures should be taken at every step of the software development lifecycle to ensure the software supply chain remains secure."

The findings come as Phylum unearthed a malicious npm package named mathjs-min that was uploaded to the repository on March 26, 2023, and found to harbor a credential stealer that grabs Discord passwords from the official app as well as web browsers like Google Chrome, Brave, and Opera.

"This package is actually a modified version of the widely used Javascript math library mathjs, and was injected with malicious code after being forked," the software supply chain security firm said. "The modified version was then published to NPM with the intention of passing it off as a minified version of the genuine mathjs library."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

 Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

_stop_2023/04/10

国土数値情報・位置参照情報データ公開のお知らせ

令和４年度に作成・更新した下記のデータについて令和５年５月～６月にかけて公開いたします。  
（公開予定データ・順不同）  
土地利用３次メッシュ、土地利用細分メッシュ、都市地域土地利用細分メッシュ、土地利用詳細メッシュ（土地利用メッシュデータ公開範囲：北陸、関東、中部）  
行政区域、国・都道府県機関、市町村役場等及び公的集会施設、  
洪水浸水想定区域、土砂災害警戒区域、津波浸水想定、高潮浸水想定区域、雨水出水浸水想定区域、  
高速道路時系列、バス停留所、バスルート、鉄道、鉄道時系列、駅別乗降客数  
位置参照情報

_stop_2023/03/31

国土数値情報データ変換ツールの提供停止について

国土数値情報ダウンロードサイトにて提供してきた『国土数値情報データ変換ツール』に、  
XML外部エンティティ参照の不適切な制限の脆弱性(CWE-611)が判明したため提供を停止しました。  
過去に、当該ツールをダウンロードしているご利用者におかれましては、当該ツールの利用停止・削除を実施いただくようお願い申し上げます。  
詳しくはこちらをご覧ください。

_stop_2023/03/24

システムのメンテナンスに伴うホームページの運営について

2023年3月28日（火）14:00～16:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/11/28

システムのメンテナンスに伴うホームページの運営について

2022年12月1日（木）14:00～17:00、及び2022年12月2日（金）14:00～15:00にシステムのメンテナンスを行います。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/9/14

ビジネスアイデアコンテスト『イチBizアワード』開催

内閣官房主催「地理空間情報」を活用したビジネスアイデアコンテスト『イチBizアワード』の公募が、2022年7月19日より開始しており、2022年9月30日（金）18:00まで受付中とのことです。本コンテストについて内閣官房よりメッセージが届いておりますので紹介いたします。  
なお、応募方法や詳細については、公式サイトをご覧ください。  
https://www.g-idea.go.jp/

（内閣官房のメッセージ）  
内閣官房では地理空間情報のポテンシャルを最大限活かした新しいサービスビジネスが生まれ、発展することで、よりよい社会や生活を実現し未来を切り開きたい、という思いで『イチBizアワード』を企画いたしました。  
『イチBizアワード』では、「いつ、どこで、何が、どのような状態か」といった、位置や時間に関する情報を活用したものであれば、どんなアイデアでも自由にご応募いただけます。  
既にあるビジネスアイデアやこんなサービスがあったらいいなという、ちょっとしたアイデアまで、沢山のアイデアの応募をお待ちしています。  
応募いただいたアイデアは、専門知識や発信力をもつ審査員に審査いただき、「事業化部門」「マッチング部門」「ちょっとしたサービスアイデア部門」の３つの部門で表彰します。  
加えて協賛企業とのマッチングの機会もあり、実現に向けて後押しします。 奮ってのご応募をお待ちしております。

_stop_2022/8/9

システムのメンテナンスに伴うホームページの運営について

2022年8月17日（水）14:00～17:00にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的にできなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いいたします。

_stop_2022/07/05

システムのメンテナンスに伴うホームページの運営について

2022年7月7日（木）13:00～15:30、及び2022年7月8日（金）15:30～16:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的にできなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いいたします。

_stop_2022/06/06

システムのメンテナンスに伴うホームページの運営について

2022年6月9日（木）16:00～17:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的にできなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いいたします。

_stop_2022/03/28

システムのメンテナンスに伴うホームページの運営について

2022年3月30日（水）17:00～18:00にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/03/24

利用者アンケートを開設しました

当サイトへの感想やご意見を募集するアンケートを開設しました。画面左メニューの「利用者アンケート」からご回答いただけます。  
ご回答いただました内容は今後のサイト運営に役立てて参りますので、是非ご協力の程よろしくお願いいたします。

_stop_2022/03/23

システムのメンテナンスに伴うホームページの運営について

2022年3月25日（金）18:00～18:10にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/02/22

位置参照情報ページについて

本日14:00頃、位置参照情報ページが復旧いたしました。  
利用者の皆さまには大変ご迷惑をおかけしました。今後ともよろしくお願いします。

_stop_2022/02/19

システムのメンテナンスに伴うホームページの運営について

GISホームページは、現在、メンテナンス中でホームページに断続的にアクセスができなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/02/18

システムのメンテナンスに伴うホームページの運営について

2022年2月24日（木）15:00～15:10にシステムのメンテナンスを行います。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/02/14

システムのメンテナンスに伴うホームページの運営について

2022年2月18日（金）18:30～19:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2021/11/10

システムのメンテナンスに伴うホームページの運営について

2021年11月13日（土）9:00～10:00にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2021/01/12

システムのメンテナンスに伴うホームページの運営について

2021年1月15日（金）にシステムのメンテナンスを行います。  
それに伴い、よりセキュリティが強固な設定となり、セキュリティが弱い暗号化を使用しているブラウザからは接続できなくなります。  
閲覧できない場合は、現在ご利用のMicrosoft Edge、Mozilla Firefox、Google Chromeが最新のバージョンかご確認いただき、最新のバージョンへアップデートをお願いいたします。

_stop_2020/12/12

三大都市圏計画区域データ PDF･KMLダウンロードページ開設のお知らせ

こちらに 国土数値情報 三大都市圏計画区域 データから作成した、PDF･KMLファイルのダウンロードページを開設しました。

_stop_2020/07/07

ウェブマッピング調整中のお知らせ　（対応完了しました）

ウェブマッピングシステムは、現在データセットを準備中です。準備ができ次第、順次公開いたします。  
国土数値情報データの内容を確認するには、GISをご利用になるか、geojson形式のファイルをご利用ください。

_stop_2020/07/01

GISホームページ業務移管のお知らせ

令和２年度の国土交通省の組織改編に伴い7月1日よりGISホームページは以下の局に移管となります。  
国土数値情報・位置参照情報　不動産・建設経済局  
国土調査（土地分類調査・水調査）　国土政策局

_stop_2020/06/30

国土数値情報閲覧マニュアル公開のお知らせ

国土数値情報閲覧マニュアル（QGIS）、Geojsonデータ閲覧マニュアルの公開を開始いたしました。  
こちらからダウンロードの上、ご活用ください。  
（現在、ウェブマッピングシステムは調整中になっております。国土数値情報データの内容確認にはこちらのマニュアルをご活用ください。）

_stop_2020/05/18

【重要】GISホームページのリニューアルのお知らせ

2020/05/18よりGISホームページをリニューアルしました。  
なお、一部のデータについては、今後今月末を目処に順次登録して参りますので、データが登録されるまで今しばらくお待ち願います。

（2020/05/22追記）  
GISホームページで対応するブラウザは以下のとおりです。  
対応ブラウザ以外をご利用された場合、画面が正しく表示されない場合がございます。  
Microsoft Edge （最新版）、Mozilla Firefox （最新版）、Google Chrome （最新版）  
ご不明な点などがございましたら、以下の問い合わせ窓口までご連絡願います。  
国土数値情報問合せ受付け窓口　：shitsumon@ksjask.info

Tag

#microsoft