Microsoft KB Update (March 10, 2026) – Medium Severity

Products Threat Manager News
, ,
1

announcement-2026-03-10T02-01-23-918Z
announcement-2026-03-10T02-01-23-918Z1000×600 65 KB

Want the full details? Click the link below!

On March 10th 2026, Microsoft released KB updates that conflict with Netwrix Threat Prevention agents used by Threat Manager for AD to collect AD event data. If these KBs are applied before updating the agents, certain LDAP and Kerberos events will no longer be captured or blocked.

Netwrix recommends delaying the deployment of these KBs if the impacted event types are important to your organization. The Netwrix development and QA teams are working on updated agents compatible with these KBs and will send another notice when they are available.

:double_exclamation_mark: Important Details
If your Threat Manager for AD deployment does not use Threat Prevention (formerly StealthINTERCEPT) agents for the following activity event collection, or such events are not deemed important, you may elect to deploy the following Microsoft KBs in advance of updated Netwrix Threat Prevention agents.

No other aspect of Threat Manager operation is impacted by the March 10th 2026 KBs beyond what is described below. There is no adverse impact to domain controllers if the KBs are deployed without updating the agents.

Event Types Affected:
Capture or block Kerberos authentication activity

Severity:
Medium

Affected Products:

  • Netwrix Threat Prevention for Active Directory
  • Netwrix Threat Manager for Active Directory
  • Netwrix Activity Monitor for Active Directory

Affected Systems:

  • Windows Server 2025 (for Active Directory)
  • Windows Server 2022 (for Active Directory)
  • Windows Server 2019 (for Active Directory)
  • Windows Server 2016 (for Active Directory)

Affected Microsoft KBs:

  • Windows Server 2025 KB5078740
  • Windows Server 2022 KB5078766
  • Windows Server 2019 KB5078752
  • Windows Server 2016 KB5078938

Impact:

Functional:

  • 2025 Server – KB5078740
    Netwrix Threat Prevention agents will lose the ability to capture or block Kerberos authentication activity.
    Log: Couldn’t resolve I_GetASTicket
  • 2022 Server – KB5078766
    Netwrix Threat Prevention agents will lose the ability to capture or block Kerberos authentication activity.
    Log: Couldn’t resolve I_GetASTicket
  • 2019 Server – KB5078752
    Netwrix Threat Prevention agents will lose the ability to capture or block Kerberos authentication activity.
    Log: Couldn’t resolve I_GetASTicket
  • 2016 Server – KB5078938
    Netwrix Threat Prevention agents will lose the ability to capture or block Kerberos authentication activity.
    Log: Couldn’t resolve I_GetASTicket

Stability:
No stability impact on any server platforms or domain controllers.

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!