{"id":254,"date":"2025-12-22T17:06:35","date_gmt":"2025-12-22T17:06:35","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/"},"modified":"2025-12-22T17:06:35","modified_gmt":"2025-12-22T17:06:35","slug":"microsoft-is-finally-killing-rc4","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/","title":{"rendered":"Microsoft Is Finally Killing RC4"},"content":{"rendered":"<div>\n<p>After twenty-six years, Microsoft is <a href=\"https:\/\/arstechnica.com\/security\/2025\/12\/microsoft-will-finally-kill-obsolete-cipher-that-has-wreaked-decades-of-havoc\/\">finally upgrading<\/a> the last remaining instance of the encryption algorithm RC4 in Windows.<\/p>\n<blockquote>\n<p>of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued to respond to RC4-based authentication requests and return an RC4-based response. The RC4 fallback has been a favorite weakness hackers have exploited to compromise enterprise networks. Use of RC4 played a <a href=\"https:\/\/arstechnica.com\/security\/2025\/09\/how-weak-passwords-and-other-failings-led-to-catastrophic-breach-of-ascension\/\">key role<\/a> in last year\u2019s breach of health giant Ascension. The breach caused life-threatening disruptions at 140 hospitals and put the medical records of 5.6 million patients into the hands of the attackers. US Senator Ron Wyden (D-Ore.) <a href=\"https:\/\/arstechnica.com\/security\/2025\/09\/senator-blasts-microsoft-for-making-default-windows-vulnerable-to-kerberoasting\">in September<\/a> called on the Federal Trade Commission to investigate Microsoft for \u201cgross cybersecurity negligence,\u201d citing the continued default support for RC4.<\/p>\n<p>Last week, Microsoft <a href=\"https:\/\/www.microsoft.com\/en-us\/windows-server\/blog\/2025\/12\/03\/beyond-rc4-for-windows-authentication\">said<\/a> it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension\u2019s network.<\/p>\n<\/blockquote>\n<p>Fun fact: RC4 was a trade secret until I published the algorithm in the second edition of <i><a href=\"https:\/\/www.schneier.com\/books\/applied-cryptography\/\">Applied Cryptography<\/a><\/i> in 1995.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued to respond to RC4-based authentication [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[289,290,90,291,292,293,53,294],"tags":[91],"class_list":["post-254","post","type-post","status-publish","format-standard","hentry","category-algorithms","category-applied-cryptography","category-cybersecurity","category-encryption","category-microsoft","category-rc4","category-uncategorized","category-windows","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft Is Finally Killing RC4 - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Is Finally Killing RC4 - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued to respond to RC4-based authentication [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-22T17:06:35+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Microsoft Is Finally Killing RC4\",\"datePublished\":\"2025-12-22T17:06:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/\"},\"wordCount\":201,\"keywords\":[\"Cybersecurity\"],\"articleSection\":{\"0\":\"algorithms\",\"1\":\"Applied Cryptography\",\"2\":\"Cybersecurity\",\"3\":\"encryption\",\"4\":\"Microsoft\",\"5\":\"RC4\",\"7\":\"Windows\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/\",\"name\":\"Microsoft Is Finally Killing RC4 - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2025-12-22T17:06:35+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Is Finally Killing RC4\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Is Finally Killing RC4 - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Is Finally Killing RC4 - Imperative Business Ventures Limited","og_description":"After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued to respond to RC4-based authentication [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2025-12-22T17:06:35+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Microsoft Is Finally Killing RC4","datePublished":"2025-12-22T17:06:35+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/"},"wordCount":201,"keywords":["Cybersecurity"],"articleSection":{"0":"algorithms","1":"Applied Cryptography","2":"Cybersecurity","3":"encryption","4":"Microsoft","5":"RC4","7":"Windows"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/","url":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/","name":"Microsoft Is Finally Killing RC4 - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2025-12-22T17:06:35+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/22\/microsoft-is-finally-killing-rc4\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Microsoft Is Finally Killing RC4"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=254"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/254\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}