On September 9, 2025, Microsoft released KB updates that conflict with the Active Directory (AD) Module in the Netwrix Activity Monitor product.
If these KBs are applied before updating the AD Module, certain AD authentication and replication events will no longer be captured.
Netwrix recommends delaying deployment of these KBs if your organization relies on these event types. The Netwrix development and QA teams are working on an updated AD Module compatible with these KBs and will send another notice when it is available.
Important Details
If your organization does not use Netwrix Activity Monitor to collect the Active Directory event types listed below, or does not consider those events important, you may elect to deploy the Microsoft KBs listed below in advance of the updated AD Module.
No other aspect of Activity Monitor operation is impacted by the September 9, 2025 KBs beyond what is described below. There is no adverse impact to domain controllers if the KBs are deployed without updating the AD Module.
Event Types Affected:
- Kerberos or NTLM authentication activity
- Active Directory Replication activity
Severity: MEDIUM
Affected Product: Netwrix Activity Monitor for Active Directory
Affected Systems:
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
Affected Microsoft KBs:
- KB5065432 (Windows Server 2022)
- KB5065428 (Windows Server 2019)
- KB5065427 (Windows Server 2016)
Impact:
Functional:
- 2022 Server – KB5065432
  - Impact: AD Module will lose the ability to capture Kerberos or NTLM authentication activity
  - Log:
    Couldn't resolve KdcGetTicket
    Couldn't resolve NlpUserValidate
- 2019 Server – KB5065428
  - Impact: AD Module will lose the ability to capture NTLM authentication activity
  - Log:
    Couldn't resolve NlpUserValidate
- 2016 Server – KB5065427
  - Impact: AD Module will lose the ability to capture Kerberos or NTLM authentication activity and AD Replication activity
  - Log:
    Couldn't resolve I_RenewTicket
    Couldn't resolve NlpUserValidate
    Couldn't resolve IDL_DRSGetNCChanges
Stability:
No stability impact on any server platforms or domain controllers
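
One way to check domain controllers for the KBs listed above and to pull the "Couldn't resolve" entries out of an AD Module log, as an added example that is not Netwrix code. The function names, the DC name and the log path are placeholders; the advisory does not say where the AD Module log is written.

```powershell
# Added example, not Netwrix code. KB numbers, impacts and the log string come from the advisory.
$KbImpact = @{
    'KB5065432' = 'Windows Server 2022: Kerberos or NTLM authentication activity'
    'KB5065428' = 'Windows Server 2019: NTLM authentication activity'
    'KB5065427' = 'Windows Server 2016: Kerberos or NTLM authentication and AD Replication activity'
}

# Report which of the listed KBs are installed on each domain controller.
function Get-AdModuleKbConflict {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($dc in $ComputerName) {
        try {
            # List all hotfixes and filter locally, so an unreachable host raises an error
            # instead of looking like a host without the KB.
            $found = @(Get-HotFix -ComputerName $dc -ErrorAction Stop |
                Where-Object { $KbImpact.ContainsKey($_.HotFixID) })
        } catch {
            [pscustomobject]@{ ComputerName = $dc; KB = $null; Status = "query failed: $($_.Exception.Message)" }
            continue
        }
        if ($found.Count -eq 0) {
            [pscustomobject]@{ ComputerName = $dc; KB = $null; Status = 'none of the listed KBs installed' }
        }
        foreach ($fix in $found) {
            [pscustomobject]@{ ComputerName = $dc; KB = $fix.HotFixID
                               Status = "capture affected until AD Module is updated: $($KbImpact[$fix.HotFixID])" }
        }
    }
}

# Return the distinct names that follow "Couldn't resolve" in a log file.
function Get-AdModuleResolveFailure {
    param([Parameter(Mandatory)][string]$LogPath)  # AD Module log; location is an assumption to fill in
    Select-String -Path $LogPath -Pattern "Couldn't resolve (\w+)" |
        ForEach-Object { $_.Matches[0].Groups[1].Value } |
        Sort-Object -Unique
}

# Usage (placeholder host name and path):
# Get-AdModuleKbConflict -ComputerName 'dc01.example.test'
# Get-AdModuleResolveFailure -LogPath '<path-to-AD-Module-log>'
```

An empty result from `Get-AdModuleResolveFailure` on a patched domain controller means none of the advisory's log messages were written to that file.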