Microsoft has released an urgent out-of-band (OOB) update on April 11, 2025, addressing a specific issue affecting certain versions of Windows 10, Windows 11, and Windows Server. This hotfix follows closely on the heels of the regular April 2025 Patch Tuesday updates (including KB5055523, KB5055528, KB5055518, KB5055519, KB5055521, KB5055547) and targets a bug related to Active Directory Group Policy settings. It's important to note that this particular problem is unlikely to impact typical home users; its relevance lies primarily within organizational or enterprise environments utilizing Active Directory. The core problem addressed by this OOB update involves a discrepancy in how audit logon/logoff events are displayed within local policy tools. Microsoft identified that even when these audit events are correctly enabled and functioning as intended within an Active Directory Group Policy, they might incorrectly appear as disabled on the affected device. This visual error can be observed specifically in tools like the Local Group Policy Editor or Local Security Policy, where the "Audit logon events" policy might show a security setting of "No auditing," despite being active. The April 11th OOB update was specifically created to correct this misleading display behavior. These corrective OOB updates are not being distributed through the standard Windows Update service. Instead, administrators need to acquire them directly from the Microsoft Update Catalog. These updates are cumulative, meaning they incorporate all previous fixes, so there is no need to install any prior updates before applying the relevant OOB patch. Furthermore, they supersede all previous updates for the specified Windows versions. For organizations that utilize Active Directory Group Policy and have not yet deployed the main April 2025 security updates, Microsoft recommends applying this specific OOB update instead. The affected Windows versions and their corresponding OOB update KB numbers are:Windows 11, versions 23H2 and 22H2 (KB5058919)Windows Server 2022 (KB5058920)Windows 10 Enterprise LTSC 2019 and Windows Server 2019 (KB5058922)Windows 10 LTSB 2016 and Windows Server 2016 (KB5058921)Azure Stack HCI, version 22H2 (KB5058920)Administrators managing affected systems can find direct download links for these KB packages on the Microsoft Update Catalog website. Applying this update ensures that the local policy editors accurately reflect the true status of the audit logon/logoff event settings configured via Active Directory Group Policy. This resolves potential confusion and ensures administrators have correct visibility into their security configurations. Further details and the official announcement can be found on the Windows release health dashboard on Microsoft's website.
