GovInfoSecurity

Microsoft to Kill RC4 in Kerberos by 2026

Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding ...

Microsoft finally kills off RC4 encryption cipher blamed for multiple cyberattacks

By mid-2026, Windows domain controllers will default to allowing only AES-SHA1, with RC4 disabled unless administrators explicitly re-enable it. Microsoft says eliminating RC4 proved complicated due ...

Microsoft will soon deprecate the insecure RC4 encryption algorithm

Microsoft recently confirmed that it is finally deprecating RC4, the encryption method used by the Kerberos authentication protocol for the past three decades. Developed by mathematician ...

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc

Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years ...
Network World

Microsoft’s .NET Framework security updates further effort to phase out RC4 encryption

Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from being used in TLS (Transport Layer Security) connections.
Dark Reading

SSL/TLS Suffers 'Bar Mitzvah Attack'

SSL/TLS encryption once again is being haunted by an outdated and weak feature long past its prime: a newly discovered attack exploits a weakness in the older, less secure RC4 encryption algorithm ...
Ars Technica

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form ...