• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
microsoft to phase out ntlm in favor of kerberos for

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

You are here: Home / General Cyber Security News / Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
October 14, 2023

Microsoft has declared that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the upcoming, as it pivots to alternative solutions for authentication and bolster security.

“The concentration is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and decreasing reliance on NT LAN Supervisor (NTLM),” the tech large explained. “New options for Windows 11 incorporate First and Pass As a result of Authentication Applying Kerberos (IAKerb) and a local Essential Distribution Heart (KDC) for Kerberos.”

Cybersecurity

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


IAKerb allows consumers to authenticate with Kerberos throughout a numerous variety of network topologies. The next element, a area Vital Distribution Heart (KDC) for Kerberos, extends Kerberos aid to neighborhood accounts.

Initial released in the 1990s, NTLM is a suite of security protocols supposed to give authentication, integrity, and confidentiality to users. It is a single sign-on (SSO) device that relies on a challenge-response protocol that proves to a server or area controller that a user is aware the password connected with an account.

It has since been supplanted by a further authentication protocol termed Kerberos because the launch of Windows 2000, although NTLM proceeds to be used as a fallback mechanism.

“The main big difference in between NTLM and Kerberos is in how the two protocols control authentication. NTLM relies on a a few-way handshake between the consumer and server to authenticate a person,” CrowdStrike notes. “Kerberos makes use of a two-section procedure that leverages a ticket granting support or key distribution centre.”

Cybersecurity

One more important difference is that when NTLM relies on password hashing, Kerberos leverages encryption.

Moreover NTLM’s inherent security weaknesses, the technology has been rendered susceptible to relay attacks, possibly permitting poor actors to intercept authentication tries and obtain unauthorized access to network methods.

Microsoft said it is also functioning on addressing challenging-coded NTLM situations in its components in preparing for the shift to in the end disable NTLM in Windows 11, introducing it’s earning enhancements that really encourage the use of Kerberos alternatively of NTLM.

“All these modifications will be enabled by default and will not require configuration for most situations,” Matthew Palko, Microsoft’s senior item administration direct in Organization and Security, claimed. “NTLM will proceed to be readily available as a fallback to sustain present compatibility.”

Identified this write-up exciting? Observe us on Twitter  and LinkedIn to examine a lot more special material we post.


Some areas of this report are sourced from:
thehackernews.com

Previous Post: «new peapod cyberattack campaign targeting women political leaders New PEAPOD Cyberattack Campaign Targeting Women Political Leaders
Next Post: Binance’s Smart Chain Exploited in New ‘EtherHiding’ Malware Campaign binance's smart chain exploited in new 'etherhiding' malware campaign»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.