Microsoft KB Update (April 14, 2026) – Medium Severity

Products Activity Monitor News
, ,
1

announcement-2026-04-14T04-36-41-886Z
announcement-2026-04-14T04-36-41-886Z1000×600 79.3 KB

Want the full details? Click the link below!

On April 14th 2026, Microsoft released KB updates that conflict with the Active Directory (AD) Module in the Netwrix Activity Monitor product.
If these KBs are applied before updating the AD Module, certain Kerberos Authentication and LDAP Bind events will no longer be captured.

Netwrix recommends delaying deployment of these KBs if your organization relies on these event types. The Netwrix development and QA teams are working on an updated AD Module compatible with these KBs and will send another notice when it is available.

:double_exclamation_mark: Important Details
If your organization does not use Netwrix Activity Monitor for the following Active Directory activity event collection, or such events are not deemed important, you may elect to deploy the following Microsoft KBs in advance of the updated AD Module.

No other aspect of Activity Monitor operation is impacted by the April 14th 2026 KBs beyond what is described below. There is no adverse impact to domain controllers if the KBs are deployed without updating the AD Module.

Event Types Affected:

  • Kerberos Authentication activity
  • LDAP Bind activity

Severity:
MEDIUM

Affected Product: Netwrix Activity Monitor for Active Directory

Affected Systems:

  • Windows Server 2025 (for Active Directory)
  • Windows Server 2022 (for Active Directory)
  • Windows Server 2019 (for Active Directory)
  • Windows Server 2016 (for Active Directory)

Affected Microsoft KBs:

  • Windows Server 2025 KB5082063
  • Windows Server 2022 KB5082142
  • Windows Server 2019 KB5082123
  • Windows Server 2016 KB5082198

Impact:

Functional:

  • Windows Server 2025 (KB5082063): Loss of ability to capture Kerberos authentication activity
    • Log: resolving HandleTGSRequest failed
    • Log: Couldn’t resolve I_RenewTicket
  • Windows Server 2022 (KB5082142): Loss of ability to capture Kerberos authentication activity
    • Log: Couldn’t resolve KdcGetSidsFromTgt
  • Windows Server 2019 (KB5082123): Loss of ability to capture Kerberos authentication activity and LDAP Bind activity
    • Log: Couldn’t resolve I_RenewTicket
    • Log: Couldn’t resolve KdcGetSidsFromTgt
    • Log: Couldn’t resolve LDAP_CONN::BindRequest
  • Windows Server 2016 (KB5082198): Loss of ability to capture Kerberos authentication activity
    • Log: Couldn’t resolve I_RenewTicket
    • Log: Couldn’t resolve KdcGetSidsFromTgt
    • Log: Couldn’t resolve I_GetASTicket

Stability:
No stability impact on any server platforms or domain controllers

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!