As reported by Bleeping Computer, Microsoft is set to disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases, a move aimed at bolstering security and mitigating risks associated with cyberattacks.NTLM, a legacy authentication protocol, has been a persistent vulnerability, susceptible to attacks like NTLM relay, pass-the-hash, PetitPotam, and ShadowCoerce. These exploits allow attackers to escalate privileges, steal credentials, and move laterally across networks. While Kerberos has been the default for years, NTLM persists as a fallback, leaving organizations exposed. Microsoft's phased transition plan begins with enhanced auditing tools in Windows 11 24H2 and Windows Server 2025 to identify NTLM usage. Phase two, in late 2026, will introduce features like IAKerb and a Local Key Distribution Center to address NTLM fallback scenarios. The final phase will see network NTLM disabled by default in future releases, though it can be re-enabled via policy.By deprecating NTLM by default, Microsoft is pushing organizations to adopt modern, robust protocols like Kerberos, thereby reducing the attack surface. The phased rollout aims to minimize disruption while enhancing overall network security.Source: Bleeping Computer
Data Security, Network Security
Microsoft to disable NTLM authentication by default

An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



