About time: Microsoft introduced support for the RC4 stream cipher in Windows 2000 as the default authentication algorithm for the Active Directory services. The system has been insecure for even longer than that, and Redmond is now finally working to put the algorithm out to pasture a few months from now.
Microsoft recently confirmed that it is finally deprecating RC4, the encryption method used by the Kerberos authentication protocol for the past three decades. Developed by mathematician Ron Rivest in 1987, Rivest Cipher 4 has been vulnerable to attacks since 1994, when the secret algorithm leaked to the public.
Microsoft Principal Program Manager Matthew Palko said that RC4 offered significant compatibility benefits but has long been vulnerable to an attack method called Kerberoasting. The combination of Kerberos and RC4 has remained a core component of Active Directory since the service's early days.
Redmond developers plan to disable default RC4 support by mid-2026, Palko said. The Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later will default to AES-SHA1, which is significantly more secure than RC4. Domain administrators can still configure a KDC account with RC4 authentication, but they should understand the associated risks.

Following Palko's announcement, Microsoft's Steve Syfuhs noted on Bluesky that deprecating RC4 in the Windows Kerberos stack has been a long time coming. Developers have worked on it for more than a decade, but removing an encryption algorithm embedded in every OS released over the past 25 years is a complex and challenging task.
Microsoft programmers kept RC4 "alive" by surgically addressing its most critical security issues until they decided to prioritize AES for Kerberos communications. The change significantly reduced RC4 usage while having only a minimal impact on compatibility for organizations running Active Directory.
With the deprecation plan finalized, Microsoft is offering tools to locate and troubleshoot remaining RC4-based connections. New PowerShell scripts can identify RC4 authentication instances within Windows, and Palko advises organizations to migrate these systems to AES-SHA1 or a newer Windows version. Windows Server 2003 was the last OS without proper support for AES128-SHA96 and AES256-SHA96.
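For administrators who want to start this inventory before running Microsoft's own scripts, the following PowerShell is an added example written for this article, not Microsoft's published tooling. It assumes the RSAT ActiveDirectory module and read access to a domain controller's Security log, and it uses two documented signals: the `msDS-SupportedEncryptionTypes` attribute (bit 0x4 = RC4-HMAC, 0x8 = AES128, 0x10 = AES256, per MS-KILE) and the `TicketEncryptionType` field of Security event 4769, where 0x17 is RC4-HMAC. The function names, the `$MaxEvents` parameter and the output column names are this example's own choices.

```powershell
# Added example (not Microsoft's script): find RC4 candidates in an AD domain
# and confirm which services are actually issuing RC4 service tickets.
# Assumes: RSAT ActiveDirectory module, and rights to read the DC Security log.
Import-Module ActiveDirectory

# Bit flags of msDS-SupportedEncryptionTypes (MS-KILE).
$ETYPE_RC4    = 0x4
$ETYPE_AES128 = 0x8
$ETYPE_AES256 = 0x10

function Get-RC4OnlyAccounts {
    # Accounts whose configured encryption types permit RC4 but no AES flavour.
    # An unset attribute (0 / $null) is reported too: the KDC then applies its
    # defaults, which on older domains still include RC4.
    Get-ADObject -LDAPFilter '(|(objectClass=user)(objectClass=computer))' `
        -Properties msDS-SupportedEncryptionTypes, servicePrincipalName |
    ForEach-Object {
        $etypes = [int]($_.'msDS-SupportedEncryptionTypes')
        $hasRC4 = ($etypes -band $ETYPE_RC4) -ne 0
        $hasAES = ($etypes -band ($ETYPE_AES128 -bor $ETYPE_AES256)) -ne 0
        if ($etypes -eq 0 -or ($hasRC4 -and -not $hasAES)) {
            $label = if ($etypes -eq 0) { 'unset (KDC default)' } else { '0x{0:X}' -f $etypes }
            [pscustomobject]@{
                Name   = $_.Name
                Class  = $_.ObjectClass
                Etypes = $label
                # Service accounts with SPNs are the ones exposed to Kerberoasting.
                HasSPN = ($_.servicePrincipalName.Count -gt 0)
            }
        }
    }
}

function Get-RC4TicketEvents {
    param([string]$DomainController = $env:COMPUTERNAME, [int]$MaxEvents = 5000)
    # Event 4769 (Kerberos service ticket requested) records the ticket
    # encryption type: 0x17 = RC4-HMAC, 0x11 = AES128, 0x12 = AES256.
    Get-WinEvent -ComputerName $DomainController -MaxEvents $MaxEvents `
        -FilterHashtable @{ LogName = 'Security'; Id = 4769 } |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        if ($data['TicketEncryptionType'] -eq '0x17') {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Client  = $data['TargetUserName']
                Service = $data['ServiceName']
                Source  = $data['IpAddress']
            }
        }
    }
}

# Usage: list configuration candidates first, then confirm live RC4 traffic
# per service before changing any account's encryption types.
Get-RC4OnlyAccounts | Format-Table -AutoSize
Get-RC4TicketEvents | Group-Object Service | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Two caveats when acting on the output: flipping an account's `msDS-SupportedEncryptionTypes` to AES only does not by itself create an AES key, since Kerberos keys are derived from the password, so accounts (the krbtgt account included) whose password predates AES support need a password reset before RC4 is removed; and a service that shows up in the 4769 list may be requesting RC4 because the client, not the account, lacks AES support, which the `IpAddress` column helps trace back to the machine that needs upgrading.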
It's nice that Microsoft is finally addressing RC4 insecurity – providing a response to what Democratic Senator Ron Wyden recently called "gross cybersecurity negligence." However, the algorithm remains widely supported across the industry, meaning insecure communications and vulnerable networks will likely persist for years.