Over the history of Active Directory, threat actors have continually identified new ways of exposing vulnerabilities in the Kerberos authentication protocol. To help reduce the risks associated with ...

Microsoft is moving forward with disabling RC4-HMAC for Kerberos authentication. Cryptographically, this decision is long overdue. RC4 has been considered weak for years and has played a central role ...

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Google, Microsoft, and Mozilla all made the ...

Although RC4 encryption should already be a thing of the past, it is still used sporadically today. Microsoft has now announced that it will remove Rivest Cipher 4 from Kerberos. This is intended to ...

Google and Mozilla today announced they’ve settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm. Google, Microsoft and Mozilla today announced they’ve settled on a ...

RC4 has been exploited in high-profile attacks across enterprise Windows networks Kerberoasting exploits weaknesses in Active Directory, allowing attackers to perform offline password cracking ...

Microsoft plans to disable RC4 use as the default assumed supported encryption type for Active Directory domain controllers by the end of the second quarter of 2026. To learn more about how to prepare ...