Microsoft to Finally Deprecate Obsolete RC4 Cipher After Years of Vulnerabilities
Microsoft is finally phasing out the decades-old RC4 encryption cipher, which has been a source of significant cybersecurity vulnerabilities in Windows Active Directory for years, impacting enterprise networks and leading to major breaches.
Microsoft is finally discontinuing an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years. This decision follows over a decade of severe hacks exploiting RC4 and recent strong criticism from a prominent US senator.

When Active Directory was introduced by Microsoft in 2000, it designated RC4 as the sole method for securing this critical Windows component. Active Directory is used by administrators to configure and provision user and administrator accounts within large organizations. RC4, or Rivest Cipher 4, was developed by cryptographer Ron Rivest in 1987. Shortly after the algorithm's trade secret was leaked in 1994, a researcher demonstrated a cryptographic attack that significantly compromised its perceived security. Despite these known vulnerabilities, RC4 remained a common element in encryption protocols like SSL and TLS until roughly a decade ago.
Phasing Out the Old
Microsoft has been one of the most visible holdouts in supporting RC4. While Active Directory was eventually upgraded to support the more secure AES encryption standard, Windows servers continued, by default, to respond to and issue RC4-based authentication requests. This RC4 fallback has been a frequent target for hackers exploiting enterprise networks. For instance, the use of RC4 played a key role in a past breach of health giant Ascension, which led to life-threatening disruptions at 140 hospitals and exposed the medical records of 5.6 million patients. US Senator Ron Wyden (D-Ore.) previously criticized Microsoft for "gross cybersecurity negligence" due to its continued default support for RC4.
Recently, Microsoft announced its decision to finally deprecate RC4, citing its susceptibility to Kerberoasting—an attack method known since 2014 that was the root cause of the initial intrusion into Ascension’s network.
Matthew Palko, a Microsoft principal program manager, stated, "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption. RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it."
AES-SHA1, an algorithm widely considered secure, has been available in all supported Windows versions since Windows Server 2008. Since then, Windows clients have defaulted to authenticating using this more secure standard, and servers have responded similarly. However, Windows servers also continued, by default, to respond to RC4-based authentication requests, leaving networks vulnerable to Kerberoasting.
Following the change planned for next year, RC4 authentication will no longer function unless administrators take explicit steps to enable it. In the interim, Palko emphasized the importance for administrators to identify any systems within their networks still relying on the RC4 cipher. Despite its known vulnerabilities, RC4 remains the sole authentication method for some third-party legacy systems connecting to Windows networks. Such systems are often overlooked in networks, even when they perform crucial functions.
To assist with system identification, Microsoft is providing several tools, including an update to KDC logs. The updated logs will record both the requests and the responses in which a system used RC4 during Kerberos authentication. Kerberos is an industry-standard authentication protocol for verifying user and service identities across non-secure networks, and it is the sole method for mutual authentication to Active Directory. Attackers often treat Active Directory as a "Holy Grail" because of the extensive control gained upon its compromise.
Microsoft is also introducing new PowerShell scripts designed to sift through security event logs, making it easier to pinpoint problematic RC4 usage.
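As an added illustration of the kind of audit the article describes (this is not Microsoft's script and its behaviour is not described on the page), the following PowerShell reads Kerberos events 4768 (TGT request) and 4769 (service ticket request) from the Security log and reports the ones whose ticket encryption type was RC4. It assumes it runs on a domain controller, or against an exported .evtx given in `-EvtxPath`, with Kerberos authentication and service-ticket auditing enabled.

```powershell
# Added example (not Microsoft's script): list Kerberos ticket events that used RC4-HMAC.
# Assumes a domain controller with "Audit Kerberos Authentication Service" and
# "Audit Kerberos Service Ticket Operations" enabled, or an exported Security .evtx.
param(
    [string]$EvtxPath,   # optional: exported Security log to read offline
    [int]$Days = 7       # how far back to look
)

# Kerberos encryption type codes as rendered in the TicketEncryptionType field
$EncTypes = @{
    '0x1'  = 'DES-CBC-CRC'
    '0x3'  = 'DES-CBC-MD5'
    '0x11' = 'AES128-CTS-HMAC-SHA1-96'
    '0x12' = 'AES256-CTS-HMAC-SHA1-96'
    '0x17' = 'RC4-HMAC'
    '0x18' = 'RC4-HMAC-EXP'
}

$filter = @{ Id = 4768, 4769; StartTime = (Get-Date).AddDays(-$Days) }
if ($EvtxPath) { $filter.Path = $EvtxPath } else { $filter.LogName = 'Security' }

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rc4 = foreach ($e in $events) {
    # EventData fields are easiest to read from the event's XML rendering
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d.TicketEncryptionType -notin '0x17', '0x18') { continue }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id              # 4768 = TGT request, 4769 = service ticket request
        Account = $d.TargetUserName  # requesting account
        Service = $d.ServiceName     # 4769 only: service account whose ticket was RC4-encrypted
        Client  = $d.IpAddress
        EncType = $EncTypes[$d.TicketEncryptionType]
    }
}

# Group by client and target service: these are the systems to fix before the default changes
$rc4 | Group-Object Client, Service | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

A 4769 entry with an RC4 type points at a service account that was issued an RC4 ticket, which is the case Kerberoasting targets; a 4768 entry points at a client that still negotiates RC4 for its TGT.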
Microsoft indicated that it has been working steadily over the past decade to deprecate RC4, acknowledging the complexity of the task.
Challenges in Deprecation
Steve Syfuhs, who leads Microsoft’s Windows Authentication team, commented on the difficulty of removing a cryptographic algorithm present in every OS shipped for the last 25 years and which served as the default for so long. He explained that the core issue wasn't the algorithm's existence itself, but rather how it was chosen and the governing rules, which evolved over two decades of code changes.
During those two decades, developers uncovered numerous critical RC4 vulnerabilities requiring "surgical" fixes. Microsoft initially considered deprecating RC4 earlier but postponed it after discovering further vulnerabilities necessitating more fixes. Over this period, Microsoft introduced "minor improvements" that promoted AES usage, leading to an "orders of magnitude" drop in RC4 usage.
Syfuhs noted, "Within a year we had observed RC4 usage drop to basically nil. This is not a bad thing and in fact gave us a lot more flexibility to kill it outright because we knew it genuinely wasn’t going to break folks, because folks weren’t using it." He further detailed additional challenges and Microsoft's solutions.
While RC4 has inherent cipher weaknesses, Kerberoasting exploits a distinct vulnerability. The RC4 key used in Active Directory authentication is derived from the password with no cryptographic salt and only a single round of the MD4 hashing function. Salt adds random input to each password before hashing, significantly increasing the resources and time hackers need to crack a hash. MD4, conversely, is a fast algorithm requiring minimal resources. Microsoft’s AES-SHA1 implementation is much slower and iterates the hash multiple times to further impede cracking efforts. Collectively, AES-SHA1-hashed passwords require approximately 1,000 times more time and resources to crack.
Windows administrators are strongly advised to audit their networks for any RC4 usage. Given its widespread adoption and continued use across the industry, it may still be active in many environments, often to the surprise and dismay of those responsible for defending against cyberattacks.