KB5008383 - Next step guidance

Joshua Thompson 206 Reputation points
2022-01-03T18:49:06.517+00:00

KB5008383 updates have been applied on my Domain Controllers. In reviewing the Directory Service event logs on my DCs I am seeing events 3051 and 3054 that have timestamps that match when the servers were restarted. No other event IDs are found (3044-3056).

What are my next steps here? I am finding the guidance on the below URL hard to understand. Since no other events have been logged, is it safe to proceed with the Enforcement mode? If so, what exactly are my next steps now, or do I just wait for the April 2022 updates?

https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1

Active Directory

Accepted answer
  1. Anonymous
    2022-01-03T19:08:20.093+00:00

    Sounds like you should be good to go.
    If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
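
One way to run the check the question describes across every domain controller before deciding on Enforcement mode, as an added example that is not part of the original thread or of Microsoft's guidance. It assumes the RSAT ActiveDirectory module, remote read access to each DC's event log, and a 30-day review window chosen for illustration; the event ID range is the one named in the question.

```powershell
# Added example: summarize Directory Service events 3044-3056 per domain controller.
# Assumptions: ActiveDirectory module available, remote event log access to each DC,
# and a 30-day lookback (adjust to the audit period you consider sufficient).
Import-Module ActiveDirectory

$lookbackDays = 30                 # assumed audit window
$eventIds     = 3044..3056         # range named in the question
$since        = (Get-Date).AddDays(-$lookbackDays)

$summary = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName   = 'Directory Service'
            Id        = $eventIds
            StartTime = $since
        }
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # The query worked and nothing in the range was logged in the window.
            [pscustomobject]@{ DC = $dc.HostName; EventId = 'none'; Count = 0
                               First = $null; Last = $null; Note = '' }
        }
        else {
            # An unreachable DC or access denied must not be read as "no events".
            [pscustomobject]@{ DC = $dc.HostName; EventId = 'QUERY FAILED'; Count = $null
                               First = $null; Last = $null; Note = $_.Exception.Message }
        }
        continue
    }

    # One row per event ID on this DC, with the first and last time it was logged.
    $events | Group-Object -Property Id | ForEach-Object {
        $range = $_.Group | Measure-Object -Property TimeCreated -Minimum -Maximum
        [pscustomobject]@{ DC = $dc.HostName; EventId = $_.Name; Count = $_.Count
                           First = $range.Minimum; Last = $range.Maximum; Note = '' }
    }
}

$summary | Sort-Object DC, EventId | Format-Table -AutoSize
```

A `QUERY FAILED` row means that DC has not been checked at all, so resolve it before treating the audit period as clean.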

1 additional answer

  1. Joshua Thompson 206 Reputation points
    2022-01-04T13:53:29.167+00:00

    I will wait for the April update and let that update put me into enforcement mode.

    Thank you for your assistance.

