Microsoft KB Update (August 12, 2025) – Medium Severity

announcement-2025-08-13T17-57-10-568Z1000×600 64.7 KB

On August 12, 2025, Microsoft released KB updates that conflict with Netwrix Threat Prevention (formerly StealthINTERCEPT) agents.
If these KBs are applied before updating the agents, certain LDAP and Kerberos events will no longer be captured or blocked.

Netwrix recommends delaying the deployment of these KBs if your organization relies on these event types. The Netwrix development and QA teams are working on updated agents compatible with these KBs and will send another notice when they are available.

Important Details

If your organization does not use Netwrix Threat Prevention (formerly StealthINTERCEPT) for the following activity event collection, or such events are not deemed important, you may elect to deploy the following Microsoft KBs in advance of updated Netwrix Threat Prevention (formerly StealthINTERCEPT) agents.

No other aspect of Netwrix Threat Prevention (formerly StealthINTERCEPT) operation is impacted by the August 12, 2025 KBs beyond what is described below. There is no adverse impact to domain controllers if the KBs are deployed without updating the agents.

Event Types Affected:

• Windows Server 2025: Capture LDAP Bind activity; capture or block Kerberos Authentication activity
• Windows Server 2022: Capture or block Kerberos Authentication activity

Severity: Medium

Affected Products:

• Netwrix Threat Prevention (formerly StealthINTERCEPT) for Active Directory
• Netwrix Threat Manager (formerly StealthDEFEND) for Active Directory

Affected Netwrix Threat Prevention (formerly StealthINTERCEPT) Agents - all prior to:

• 7.5.0.227
• 7.4.0.233
• 7.3.9.309
• 7.3.7.479

Affected Systems:

• Windows Server 2025 (for Active Directory)
• Windows Server 2022 (for Active Directory)

Affected Microsoft KBs:

• Windows Server 2025 – KB5063878
• Windows Server 2022 – KB5063880

Impact:

Functional:

• Windows Server 2025 – KB5063878
  • Agents will lose the ability to capture LDAP Bind events and capture or block Kerberos Authentication events
  • Expected ADMonitor_Logs errors:
    • Couldn't resolve LDAP_CONN::BindRequest
    • Couldn't resolve KdcVerifyKdcRequest
    • Failed to resolve KerberosCryptoPolicy::SelectEncryptionType
• Windows Server 2022 – KB5063880
  • Agents will lose the ability to capture or block Kerberos Authentication events
  • Expected ADMonitor_Logs error:
    • Couldn't resolve I_GetASTicket

Stability:

• No stability impact on any server platforms or domain controllers

which agent version do we need to have since i already have the latest KB on 2022 DC.

Netwrix has not released the fixed agent version yet, typically we see it within a few days of release of Windows Updates. We will see another announcement with a follow up to this one with the version(s) it’s fixed in.

Hello @edber.bailon agent has been released today, please see below announcement.
Agent Packages for Microsoft KB Update (August 12, 2025) Released - Threat Prevention / News - Netwrix Community

Thank you, Justin! I’ve also updated the original post to include that this applies to all agents prior to 7.5.0.227, 7.4.0.233, 7.3.9.309, and 7.3.7.479.