I've been tasked by my boss to check if our systems are impacted by KB5014754 and if we need to make any changes. A couple of years back, someone on my team set up new 2022 Active Directory servers, and we consistently patch them through WSUS. I checked the Event Viewer on all the AD servers and couldn't find any Events 39, 40, or 41 mentioned in the article. Additionally, the StrongCertificateBindingEnforcement registry key is missing, and we've applied updates beyond February 2025, which suggests we're in full enforcement mode. Plus, none of our device names have a trailing $ sign. Does this mean we're safe, or is there something else I should investigate?
2 Answers
Do you rely on certificate-based authentication? If not, then you’re good; it won’t affect you.
If your updates are installed, the registry key for disabling them is absent, and you’re not seeing those event codes on your domain controllers, you should be in good shape. Just a heads up: all computer objects in Active Directory have an implicit $ sign at the end, so don’t worry about that.
Yep, that’s the key right there.
Thanks! I also just re-read the article. Are those events supposed to show up in the Windows Logs -> System or under Applications and Services Logs -> Microsoft -> Windows -> Kerberos-Key-Distribution-Center -> Operational? I just checked, and we don’t have those Operational logs enabled.
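The check described in the answers above (registry value, plus Events 39, 40 and 41 on every domain controller), written out as an added example that is not part of the original thread. It assumes the ActiveDirectory module, PowerShell remoting to each DC and a 30-day look-back window; the registry path and the System log location are taken from Microsoft's KB5014754 article, not from this thread.

```powershell
# Added example: audit all domain controllers for the KB5014754 indicators.
# Assumptions: ActiveDirectory module present, WinRM remoting allowed to DCs.
Import-Module ActiveDirectory

$kdcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'   # path per KB5014754
$lookback = (Get-Date).AddDays(-30)                         # assumed window; match your log retention

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    Invoke-Command -ComputerName $dc.HostName -ArgumentList $kdcKey, $lookback -ScriptBlock {
        param($kdcKey, $lookback)

        # A missing value is not an error: the KDC then follows the default
        # of the installed update level, so report it explicitly.
        $value = (Get-ItemProperty -Path $kdcKey -Name StrongCertificateBindingEnforcement `
                    -ErrorAction SilentlyContinue).StrongCertificateBindingEnforcement
        $mode = if ($null -eq $value) { 'not set (update default applies)' }
                else { @{ 0 = 'disabled'; 1 = 'compatibility'; 2 = 'full enforcement' }[[int]$value] }

        # KB5014754 lists these events in the System log with source Kdc.
        # Other providers reuse IDs 39-41, so filter on the provider as well.
        # Get-WinEvent raises an error when nothing matches; suppress it so
        # "no events" comes back as a count of zero.
        $events = @(Get-WinEvent -FilterHashtable @{
                        LogName = 'System'; Id = 39, 40, 41; StartTime = $lookback
                    } -ErrorAction SilentlyContinue |
                    Where-Object { $_.ProviderName -match 'Kdc|Kerberos-Key-Distribution-Center' })

        [pscustomobject]@{
            DC          = $env:COMPUTERNAME
            Enforcement = $mode
            Event39     = @($events | Where-Object Id -eq 39).Count
            Event40     = @($events | Where-Object Id -eq 40).Count
            Event41     = @($events | Where-Object Id -eq 41).Count
            LatestEvent = ($events | Sort-Object TimeCreated -Descending |
                           Select-Object -First 1).TimeCreated
        }
    }
}

$results |
    Select-Object DC, Enforcement, Event39, Event40, Event41, LatestEvent |
    Format-Table -AutoSize
```

Zero counts are only meaningful if the System log on each DC actually retains entries for the whole look-back window.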