Microsoft KB Update (July 8, 2025) - Medium Severity

On July 8, 2025, Microsoft distributed KBs which conflict with the existing AD Module used in Netwrix Activity Monitor for AD. If these KBs are applied to your systems, they will conflict with the current AD module as described below. Netwrix recommends delaying deployment of these KBs until updated agents are deployed if the impacted event types are important to your organization.

The Netwrix development and QA teams are actively working on an agent update to be compatible with the new KBs. We will send another notice with new agent versions in a few days.

‼️ Important Details

If your organization does not use Active Directory monitoring for the following activity event collection, or such events are not deemed important, then you may elect to deploy the following MS KBs in advance of the updated Netwrix AD Module. No other aspect of Netwrix Activity Monitor operation is impacted by the July 8th, 2025 KBs beyond what is described below. There is no adverse impact on the domain controllers if the KBs are deployed without updating the AD Module.

  • Windows Server 2025: Capture LDAP Bind activity
  • Windows Server 2022: Capture LDAP Bind activity or capture Kerberos Authentication activity
  • Windows Server 2019: Capture LDAP Bind activity
  • Windows Server 2016: Capture LDAP Bind activity

Severity

Medium

Affected Systems

  • Windows Server 2025 (for Active Directory)
  • Windows Server 2022 (for Active Directory)
  • Windows Server 2019 (for Active Directory)
  • Windows Server 2016 (for Active Directory)

Affected Platforms / KBs

  • Windows Server 2025 – KB5062553
  • Windows Server 2022 – KB5062572
  • Windows Server 2019 – KB5062557
  • Windows Server 2016 – KB5062560

Impact:

• Functional:

  • 2025 Server - KB5062553
    • Netwrix AD Module will lose the ability to capture LDAP Bind events
    • Expected ADMonitor_Logs Error:
      • Couldn’t resolve LDAP_CONN::BindRequest
  • 2022 Server - KB5062572
    • Netwrix AD Module will lose the ability to capture LDAP Bind events and capture Kerberos Authentication events
    • Expected ADMonitor_Logs Error:
      • Couldn’t resolve LDAP_CONN::BindRequest
      • Couldn’t resolve I_GetASTicket
  • 2019 Server - KB5062557
    • Netwrix AD Module will lose the ability to capture LDAP Bind events
    • Expected ADMonitor_Logs Error:
      • Couldn’t resolve LDAP_CONN::BindRequest
  • 2016 Server - KB5062560
    • Netwrix AD Module will lose the ability to capture LDAP Bind events
    • Expected ADMonitor_Logs Error:
      • Couldn’t resolve LDAP_CONN::BindRequest

• Stability:

  • No stability impact on any server platforms / Domain Controllers
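
An added example, not part of the original post and not Netwrix tooling: a PowerShell check, run on a domain controller, that reports which of the KBs listed above are installed and which of the listed "Couldn't resolve" errors appear in the agent log, so the resulting monitoring gap is visible per event type. The `-LogFile` parameter and the plain-text log format are assumptions; the KB numbers and error strings are the ones given in the bulletin.

```powershell
# Added example, not Netwrix code. Run on a domain controller.
# Assumption: the AD Module log is plain text; -LogFile is a placeholder path or wildcard.
param(
    [Parameter(Mandatory)]
    [string]$LogFile    # e.g. '<ADMonitor_Logs folder>\*' (location not given in the bulletin)
)

# KB -> symbols the bulletin says fail to resolve once that KB is installed
$expected = @{
    'KB5062553' = @('LDAP_CONN::BindRequest')                    # Windows Server 2025
    'KB5062572' = @('LDAP_CONN::BindRequest', 'I_GetASTicket')   # Windows Server 2022
    'KB5062557' = @('LDAP_CONN::BindRequest')                    # Windows Server 2019
    'KB5062560' = @('LDAP_CONN::BindRequest')                    # Windows Server 2016
}
# Symbol -> event type that is no longer captured (per the bulletin)
$lostEvents = @{
    'LDAP_CONN::BindRequest' = 'LDAP Bind'
    'I_GetASTicket'          = 'Kerberos Authentication'
}

if (-not (Test-Path $LogFile)) { throw "Log path not found: $LogFile" }

# Which of the listed KBs are installed on this machine?
$installed = @(Get-HotFix | Where-Object { $expected.ContainsKey($_.HotFixID) } |
    Select-Object -ExpandProperty HotFixID)
$predicted = @($installed | ForEach-Object { $expected[$_] })

# Which symbols does the agent log report as unresolved? (straight or curly apostrophe)
$pattern = "Couldn['\u2019]t resolve (?<sym>[\w:]+)"
$seen = @(Select-String -Path $LogFile -Pattern $pattern |
    ForEach-Object { $_.Matches[0].Groups['sym'].Value } | Sort-Object -Unique)

$symbols = @($predicted + $seen | Sort-Object -Unique)
if ($symbols.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: none of the listed KBs installed, no resolve errors logged."
}
foreach ($s in $symbols) {
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        InstalledKBs   = $installed -join ','
        Symbol         = $s
        LostEventType  = $lostEvents[$s]        # empty for a symbol the bulletin does not list
        PredictedByKB  = $predicted -contains $s
        SeenInAgentLog = $seen -contains $s
    }
}
```

A row with `PredictedByKB` true and `SeenInAgentLog` false means the KB is present but the agent has not logged the error in the files scanned; a row with the reverse means the error appears without one of the four listed KBs showing up in `Get-HotFix`.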

Does this issue affect the Netwrix Auditor 10.7.13850 product?

Thanks for your question! This particular update applies only to Netwrix Activity Monitor and doesn’t affect Netwrix Auditor 10.7.13850.

Just a quick note - all announcements in this section are specific to Activity Monitor. If you’re looking for updates or have questions about Netwrix Auditor, you can find the dedicated section here.

Let me know if I can help with anything else! 🙂

This issue does not affect Netwrix Auditor.
It only affects Netwrix Activity Monitor and products that depend on it: Netwrix Access Analyzer, Netwrix Threat Manager. Apologies for the confusion.

Thank you Paul, I appreciate the quick response!

Thank you, that was one of the most confusing bulletins. Please be more clear about what product you all are referring to; you have too many and confuse yourselves.

Hi Adam,

Welcome to the Netwrix Community, and thanks for the feedback.

We’re discussing how to make future announcements clearer about which products are affected. Your input is noted and appreciated.

Thanks