Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding cryptographic weaknesses hidden in legacy ...

By mid-2026, Windows domain controllers will default to allowing only AES-SHA1, with RC4 disabled unless administrators explicitly re-enable it. Microsoft says eliminating RC4 proved complicated due ...

Microsoft is finally ripping out one of the weakest links in its identity stack, cutting off a legacy cipher that attackers have abused for years to walk straight into corporate networks. The move ...

Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from being used in TLS (Transport Layer Security) connections.

Software King of the World, Microsoft, is pulling the plug on RC4, an obsolete and leaky encryption cypher it has propped up by default for 26 years despite a trail of break-ins and public ...

A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form ...

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Google, Microsoft, and Mozilla all made the ...

Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and ...

Although RC4 encryption should already be a thing of the past, it is still used sporadically today. Microsoft has now announced that it will remove Rivest Cipher 4 from Kerberos. This is intended to ...

Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from being used in TLS (Transport Layer Security) connections.

About time: Microsoft introduced support for the RC4 stream cipher in Windows 2000 as the default authentication algorithm for the Active Directory services. The system has been insecure for even ...