Coverage from Schneier on Security indicates that Microsoft is finally deprecating the RC4 encryption algorithm after 26 years of its continued use in Windows systems. This move addresses a significant security vulnerability that has been exploited by attackers for years.

For over two decades, Microsoft's Windows servers have maintained default support for RC4-based authentication requests, despite the availability of more secure alternatives like AES. This fallback mechanism has been a known weakness, frequently exploited by hackers. Notably, the use of RC4 was a critical factor in the breach of health giant Ascension last year, which led to severe disruptions at 140 hospitals and compromised the medical records of 5.6 million patients. Microsoft's decision to deprecate RC4 comes after years of criticism, including a call from U.S. Senator Ron Wyden for an investigation into the company's cybersecurity practices.

The deprecation of RC4, particularly with regard to its susceptibility to Kerberoasting attacks, marks a significant step toward improving enterprise network security.

Source: Schneier on Security




