Microsoft announced a three-phase plan to retire New Technology LAN Manager (NTLM) and move Windows environments to Kerberos-based authentication, citing NTLM's weak cryptography and its susceptibility to replay, NTLM relay, and pass-the-hash attacks. The rollout starts with enhanced NTLM auditing available now, continues with migration features such as IAKerb and Local KDC that remove common reasons for NTLM fallback, and ends with a future Windows release that disables NTLM by default and requires explicit re-enablement via policy. #NTLM #Kerberos
Keypoints
- Microsoft is implementing a three-phase strategy to phase out NTLM in favor of Kerberos.
- NTLM was deprecated in June 2024 due to weak cryptography and attack susceptibility.
- Phase 1 delivers enhanced NTLM auditing to identify where NTLM is still used (available now).
- Phase 2 introduces migration aids such as IAKerb (Kerberos over a proxy for clients without line of sight to a domain controller) and Local KDC (Kerberos for local accounts), and will prioritize Kerberos where both protocols are available (expected H2 2026).
- Phase 3 will disable NTLM by default in the next Windows Server and client release, with policy-based re-enablement.
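The auditing step in Phase 1 is the one readers can act on now. The PowerShell below is an added example, not code from the article or from Microsoft; it uses the Restrict NTLM audit policies and event logs that already exist in supported Windows versions rather than the new enhanced auditing the article refers to, and it assumes you run it elevated on a member server or domain controller whose Security log still retains the period you want to inventory.

```powershell
# Added example (not from the article or from Microsoft).
# Assumptions: run elevated; the MSV1_0 registry values below are the
# backing store for the Group Policy settings under Security Options >
# "Network security: Restrict NTLM: ..."; the Security log covers $Days days.
#Requires -RunAsAdministrator

# 1. Enable NTLM auditing (audit only, nothing is blocked yet).
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
# "Audit Incoming NTLM Traffic": 2 = audit all accounts
Set-ItemProperty -Path $lsa -Name 'AuditReceivingNTLMTraffic' -Value 2 -Type DWord
# "Outgoing NTLM traffic to remote servers": 1 = audit all
Set-ItemProperty -Path $lsa -Name 'RestrictSendingNTLMTraffic' -Value 1 -Type DWord
# "Audit NTLM authentication in this domain" only applies on a DC: 7 = enable all
# Win32_ComputerSystem.DomainRole 4 and 5 are backup and primary domain controller.
if ((Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4) {
    Set-ItemProperty -Path $lsa -Name 'AuditNTLMInDomain' -Value 7 -Type DWord
}

# 2. Inventory NTLM logons already recorded in the Security log.
#    4624 carries AuthenticationPackageName (NTLM / Kerberos / Negotiate) and
#    LmPackageName (NTLM V1 / NTLM V2), so it works before the audit policy
#    above has produced anything.
function Get-NtlmLogonSummary {
    param([int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    $rows = foreach ($e in $events) {
        # Pull named EventData fields out of the event XML.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['AuthenticationPackageName'] -eq 'NTLM') {
            [pscustomobject]@{
                Time        = $e.TimeCreated
                Account     = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
                SourceIp    = $d['IpAddress']
                Workstation = $d['WorkstationName']
                LogonType   = $d['LogonType']
                LmPackage   = $d['LmPackageName']   # "NTLM V1" is the first thing to chase
            }
        }
    }
    # One line per account/source/NTLM version, busiest first.
    $rows | Group-Object Account, SourceIp, LmPackage |
        Sort-Object Count -Descending |
        Select-Object Count, @{ Name = 'Account, SourceIp, LmPackage'; Expression = { $_.Name } }
}

# 3. Once the audit policy is on, the NTLM operational log records 8001-8004
#    (client-side, server-side and domain-controller audit events); the event
#    message names the target server, account and, for outgoing NTLM, the
#    client process, which is what you need to find the application to fix.
function Get-NtlmAuditEvents {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-NTLM/Operational'
        Id        = 8001, 8002, 8003, 8004
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-NtlmLogonSummary -Days 7 | Format-Table -AutoSize
Get-NtlmAuditEvents  -Days 7 | Format-List
```

Run the inventory on every server that receives logons, not only on domain controllers: the 4624 events for network logons land on the machine being accessed, and a DC only sees NTLM for accounts it validates. Leave the Restrict NTLM values in audit mode until the summary is empty for a full business cycle; the deny values of the same settings are the enforcement step, and moving to them early is how the help desk finds your last NTLM-only application for you.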
Read More: https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html