Microsoft KB Update (November 11, 2025) – Medium Severity

On November 11, 2025, Microsoft released KB updates that conflict with Netwrix Threat Prevention (formerly StealthINTERCEPT) agents.
If these KBs are applied before updating the agents, certain Kerberos authentication activity events will no longer be captured or blocked.

Netwrix recommends delaying the deployment of these KBs if your organization relies on these event types. The Netwrix development and QA teams are working on updated agents compatible with these KBs and will send another notice when they are available.

Important Details
If your organization does not use Netwrix Threat Prevention (formerly StealthINTERCEPT) for the following activity event collection, or such events are not deemed important, you may elect to deploy the following Microsoft KBs in advance of updated Netwrix Threat Prevention (formerly StealthINTERCEPT) agents.

No other aspect of Netwrix Threat Prevention (formerly StealthINTERCEPT) operation is impacted by the November 11, 2025 KBs beyond what is described below. There is no adverse impact to domain controllers if the KBs are deployed without updating the agents.

Event Types Affected:
Capture or block Kerberos authentication activity

Severity:
Medium

Affected Products:

  • Netwrix Threat Prevention (formerly StealthINTERCEPT) for Active Directory
  • Netwrix Threat Manager (formerly StealthDEFEND) for Active Directory
  • Netwrix (Stealthbits) Active Directory Activity Monitor

Affected Agents: all prior to:

  • 7.5.0.252
  • 7.4.0.280
  • 7.3.9.332

Affected Systems:

  • Windows Server 2022 (for Active Directory)

  • Windows Server 2019 (for Active Directory)

  • Windows Server 2016 (for Active Directory)

Affected Microsoft KBs:

  • Windows Server 2022 KB5068787

  • Windows Server 2019 KB5068791

  • Windows Server 2016 KB5068864

Impact:

Functional:

  • 2022 Server – KB5068787

    • Netwrix Threat Prevention / StealthINTERCEPT agents will lose the ability to Capture or block Kerberos authentication activity
    • Log:
      • Couldn’t resolve KdcGetSidsFromTgt
  • 2019 Server – KB5068791

    • Netwrix Threat Prevention / StealthINTERCEPT agents will lose the ability to Capture or block Kerberos authentication activity
    • Log:
      • Couldn’t resolve KdcGetSidsFromTgt
  • 2016 Server – KB5068864

    • Netwrix Threat Prevention / StealthINTERCEPT agents will lose the ability to Capture or block Kerberos authentication activity
    • Log:
      • Couldn’t resolve KdcGetSidsFromTgt

Stability:
No stability impact on any server platforms or domain controllers.
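
As an added example (not Netwrix code), the PowerShell function below combines the bulletin's corrected "all prior to" agent builds, the three KB numbers and the logged error string into one check per domain controller. The function name, its parameters and the agent log location are assumptions; supply the agent version and log path from your own installation.

```powershell
# Added example: build thresholds and KB numbers are copied from the bulletin.
# Function name, parameters and the log path are hypothetical, not part of any Netwrix tooling.
function Test-KerberosMonitoringGap {
    param(
        [Parameter(Mandatory)][version]$AgentVersion,   # installed agent build, e.g. 7.4.0.276
        [string[]]$InstalledKBs = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object HotFixID),
        [string]$AgentLogPath                           # optional; location is site-specific
    )

    # First unaffected build per release branch (corrected "all prior to" list).
    $firstUnaffected = @{
        '7.5' = [version]'7.5.0.252'
        '7.4' = [version]'7.4.0.280'
        '7.3' = [version]'7.3.9.332'
    }
    $conflictingKBs = 'KB5068787', 'KB5068791', 'KB5068864'   # Server 2022 / 2019 / 2016

    $branch = '{0}.{1}' -f $AgentVersion.Major, $AgentVersion.Minor
    $agentAffected = if ($firstUnaffected.ContainsKey($branch)) {
        $AgentVersion -lt $firstUnaffected[$branch]
    } elseif ($AgentVersion -lt $firstUnaffected['7.3']) {
        $true       # branches older than 7.3 fall under "all prior to"
    } else {
        $null       # branch not listed in the bulletin: cannot decide
    }

    $present = @($conflictingKBs | Where-Object { $InstalledKBs -contains $_ })

    $logHit = $false
    if ($AgentLogPath -and (Test-Path -LiteralPath $AgentLogPath)) {
        # Match without the apostrophe so straight and curly quotes both hit.
        $logHit = [bool](Select-String -LiteralPath $AgentLogPath `
            -Pattern 'resolve KdcGetSidsFromTgt' -SimpleMatch -Quiet)
    }

    [pscustomobject]@{
        AgentVersion   = $AgentVersion
        AgentAffected  = $agentAffected
        ConflictingKBs = $present
        LogErrorSeen   = $logHit
        # Gap = affected agent build plus a conflicting KB, or the error already logged.
        KerberosGap    = ($agentAffected -eq $true -and $present.Count -gt 0) -or $logHit
    }
}

# Constructed input: an agent build below the 7.4 threshold on a host with the Server 2019 KB.
Test-KerberosMonitoringGap -AgentVersion '7.4.0.276' -InstalledKBs 'KB5068791'
```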

Hello,

Is the "all agents prior to" list correct in the above bulletin?

We’re currently on Version 7.4.0.276

Netwrix recommends delaying the deployment of these KBs if your organization relies on these event types. The Netwrix development and QA teams are working on updated agents compatible with these KBs and will send another notice when they are available.

Affected Agents: all prior to:

  • 7.5.0.242

  • 7.4.0.269

  • 7.3.9.325

Hi Lee, the list of agents has been updated - here is the correct one:
Affected agents: all prior to:

  • 7.5.0.252
  • 7.4.0.280
  • 7.3.9.332