On April 8th, 2025, Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention / StealthINTERCEPT agents. If these KBs are applied to your systems, they will conflict with current Netwrix Threat Prevention / StealthINTERCEPT agents as described below. If the impacted event types are important to your organization, Netwrix recommends delaying deployment of these KBs until updated agents are deployed.
The Netwrix development and QA teams are actively working on an agent update that is compatible with the new KBs. We will send another notice with new agent versions in a few days.
Important Details
If your organization does not use Netwrix Threat Prevention (formerly StealthINTERCEPT) to capture LDAP Bind activity on Server 2022, 2019, and 2016, to capture FSMO role changes on Server 2022, or to capture or block Kerberos Authentication activity on Server 2019 (as described below), or if such events are not deemed important, then you may elect to deploy the Microsoft KBs in advance of updated Netwrix Threat Prevention / StealthINTERCEPT agents. No other aspect of Netwrix Threat Prevention / StealthINTERCEPT operation is impacted by the April 8th, 2025 KBs beyond what is described below. There is no adverse impact on the domain controllers if the KBs are deployed without updating the Netwrix Threat Prevention / StealthINTERCEPT agents.
Severity: MEDIUM
Affected Products:
- Netwrix Threat Prevention / StealthINTERCEPT for Active Directory
- Netwrix Threat Manager (formerly StealthDEFEND) for Active Directory
- Netwrix Activity Monitor for Active Directory
Affected System(s):
- Windows Server 2022 (for Active Directory)
- Windows Server 2019 (for Active Directory)
- Windows Server 2016 (for Active Directory)
Affected Platform/KB:
- Windows Server 2022 KB5055526
- Windows Server 2019 KB5055519
- Windows Server 2016 KB5055521
Impact:
Functional:
- Server 2022 - KB5055526
  Netwrix Threat Prevention / StealthINTERCEPT agents will lose the ability to capture LDAP Bind events and the ability to capture FSMO role change events.
  Expected ADMonitor_Logs Error:
  - Couldn’t resolve LDAP_CONN::BindRequest
  - Couldn’t resolve DsaGetValidFSMOs
- Server 2019 - KB5055519
  Netwrix Threat Prevention / StealthINTERCEPT agents will lose the ability to capture or block Kerberos Authentication events and the ability to capture LDAP Bind events.
  Expected ADMonitor_Logs Error:
  - Couldn’t resolve LDAP_CONN::BindRequest
  - Couldn’t resolve HandleTGSRequest
- Server 2016 - KB5055521
  Netwrix Threat Prevention / StealthINTERCEPT agents will lose the ability to capture LDAP Bind events.
  Expected ADMonitor_Logs Error:
  - Couldn’t resolve LDAP_CONN::BindRequest
Stability:
- No stability impact on any server platforms / Domain Controllers.
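
To confirm that a domain controller shows exactly the errors listed above and nothing else, the agent log can be compared against the advisory per KB. The following is an added example, not Netwrix code: the log line layout (timestamp and level prefix), the `triage` helper and the symbol `SomeOtherSymbol` are assumptions made for illustration, while the KB numbers, symbol names and lost event types are taken from this notice.

```python
import re

# Advisory data from this notice: KB -> {unresolved symbol: event type lost}
ADVISORY = {
    "KB5055526": {"LDAP_CONN::BindRequest": "LDAP Bind capture",
                  "DsaGetValidFSMOs": "FSMO role change capture"},
    "KB5055519": {"LDAP_CONN::BindRequest": "LDAP Bind capture",
                  "HandleTGSRequest": "Kerberos Authentication capture or block"},
    "KB5055521": {"LDAP_CONN::BindRequest": "LDAP Bind capture"},
}

# Accept both the straight and the typographic apostrophe in the message.
UNRESOLVED = re.compile(r"Couldn['\u2019]t resolve\s+([A-Za-z_][\w:]*)")


def triage(kb, log_text):
    """Compare unresolved symbols found in agent log text with the advisory for one KB."""
    expected = ADVISORY[kb]
    seen = set(UNRESOLVED.findall(log_text))
    return {
        # Event types the agent on this server can no longer capture.
        "lost": sorted(expected[s] for s in seen if s in expected),
        # Unresolved symbols this notice does not explain: investigate separately.
        "not_in_advisory": sorted(seen - set(expected)),
        # Listed in the notice but absent from this log excerpt.
        "expected_not_seen": sorted(set(expected) - seen),
    }


# Constructed sample lines; the prefix layout and SomeOtherSymbol are hypothetical.
SAMPLE_2019 = """\
2025-04-09 02:14:07 ERROR Couldn\u2019t resolve LDAP_CONN::BindRequest
2025-04-09 02:14:07 ERROR Couldn't resolve HandleTGSRequest
2025-04-09 02:14:08 INFO  Agent started
2025-04-09 02:14:09 ERROR Couldn't resolve SomeOtherSymbol
"""

if __name__ == "__main__":
    for key, value in triage("KB5055519", SAMPLE_2019).items():
        print(f"{key}: {value}")
```

A non-empty `not_in_advisory` result means the agent is failing on something this notice does not cover, so the KB conflict alone does not explain the log.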