Microsoft Is Finally Killing RC4

After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows.

of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued to respond to RC4-based authentication requests and return an RC4-based response. The RC4 fallback has been a favorite weakness hackers have exploited to compromise enterprise networks. Use of RC4 played a key role in last year’s breach of health giant Ascension. The breach caused life-threatening disruptions at 140 hospitals and put the medical records of 5.6 million patients into the hands of the attackers. US Senator Ron Wyden (D-Ore.) in September called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the continued default support for RC4.

Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension’s network.

Fun fact: RC4 was a trade secret until I published the algorithm in the second edition of Applied Cryptography in 1995.

Tags: , , , , ,

Posted on December 22, 2025 at 12:05 PM10 Comments

Comments

Ray Dillinger December 22, 2025 1:45 PM

Finally. My condolences for the lasting pain of seeing your flawed work used by people to the point of damaging themselves and others. I am glad you have finally been relieved of this burden.

And yeah, it’s a burden. I’ve made some outright mistakes too, or failed to anticipate user assumptions and likely but mistaken uses. The repercussions and damage from some of them are still playing out decades later.

But we can only do our best. Whatever 20/20 hindsight we may apply later we act or create only on the basis of what we understand in the moment. We exercise restraint only on the basis of the consequences we can anticipate in the moment. Failure to act for fear that we might be making a mistake would prevent us from doing anything at all, including all the good we can do.

And failure to try to help would be worse, IMO, than trying and falling short.

So try not to be bitter about it. On bad-brain days, I’m kind of bitter about a few of mine. I know I should try not to be. I know it’s a symptom of having a bad-brain day. But it still happens.

Clive Robinson December 22, 2025 6:16 PM

@ ALL,

Oh the fun of naming an attack

With regards,

Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting,

This time it’s like barbequing a dog on a spit or griddle, I’ll let everyone make their own mind up as to who “the dog” is 😉

But if you want to know more about “griddling the dog”,

Kerberoasting, Microsoft, and a Senator

When I came up with Kerberoasting in 2014, I never thought it would live for more than a year or two. I (erroneously) thought that people would clean up the poor, dated credentials and move to more secure encryption. Here we are 11 years later, and unfortunately it still works more often than it should.

The issue is any valid user (even a compromised one) can request a ticket for any server. This means an attacker can request and save tickets for any and all servers. With those tickets in hand, the attacker then makes a guess as to the server’s password and attempts to decrypt the tickets. Since the attack is offline, an attacker can attack the password as fast as their (often specialized) hardware will let them, up to billions of attempts per second. And with no lockout of the account due to the the attack being offline.

Tim Medin at,
https://redsiege.com/blog/2025/09/kerberoasting-microsoft-and-a-senator/

The thing is Microsoft’s “Active Directory”(AD) is one of it’s old “embrace and extend” policy ploys. Basically to take Open Standards and “add proprietary bits”. And yes it was a “dumb as duck 5h1t” thing to do, because it tied Microsoft’s hands rather more than it did their customers.

That is Microsoft had to support the lowest spec users and that costs mucho bucks in the long term[1].

Thus it’s trivial with AD for any person to request a ticket from “any server” and have the server claim it can only support RC4. Which makes the “offline cipher breaking” many times faster –getting on for a thousand times– than AES256.

Because Kerberos was designed at a time when the common idea was “be permissive” there was no black or white listing of users or servers or other security measures.

So the attack is fairly simple and I amongst others have been warning about “protocol ‘fall-back’ attacks” since you could do them via an easy plaintext “Man in The Middle”(MiTM) attack with just about every “protocol negotiation phase” in existence back last century…

As I’ve said before in many cases the lowest cipher is “plaintext” for “engineering test” but the software rarely if ever warns users it’s being used.

Because the prevailing view was, and in some cases still is,

“Don’t worry the user, they’ll phone tech-support and that will cost us big!”

But… Folks should look on this use of “Ron’s Code 4″(RC4) as a “back door gift” to various agencies and entities… Thus the question arising is,

“If Microsoft pulls this back door what is it going to do to ensure there is another back door for such agencies and entities?”

[1] Give you three guesses which clown came up with and pushed the ploy… a clue is “they must have been barmy”.

Clive Robinson December 22, 2025 6:30 PM

@ Bruce, ALL,

Something that is both relevant and bad news,

For Algorithms, a Little Memory Outweighs a Lot of Time

Space and time aren’t just woven into the background fabric of the universe. To theoretical computer scientists, time and space (also known as memory) are the two fundamental resources of computation. Algorithms require a roughly proportional amount of space to runtime, and researchers long assumed there was no way to achieve anything better. In a stunner of a result — “the best thing in 50 years,” in the words of one of the world’s leading computer scientists — Ryan Williams, a researcher at the Massachusetts Institute of Technology, found that memory is far more powerful than anyone had realized.

https://www.quantamagazine.org/for-algorithms-a-little-memory-outweighs-a-lot-of-time-20250521/

dm December 22, 2025 7:55 PM

Ultimate satisfaction will arrive when they are out of business for good.

Don’t do business with them – don’t talk to them – refuse any attempts at “kindness.” Remember how easily they played the Linux community and businesses with “patents.”

We see how well that embrace worked with Novell.

KC December 22, 2025 11:04 PM

Good and really, well, essential that Microsoft is making tools available to identify RC4 usage. I have to wonder if we’ll hear much commotion when RC4 goes dark by default mid-2026.

You know, I hadn’t also recalled how Ascension’s IT posture made it so vulnerable to the scale of the 2024 attack. A weak admin password, lack of network segmentation, not following principles of least privilege. Several Ars commentors viscerally recounted the landscape of IT offshoring and labor cuts.

In ciphers and security, unequivocally better to have evaluation by friend than foe.

Clive Robinson December 23, 2025 2:54 AM

@ Moderator,

I have a problem.

The above post using my name,

https://www.schneier.com/blog/archives/2025/12/microsoft-is-finally-killing-rc4.html/#comment-450864

Which with a long spiel that starts with,

“Imagine an immigrant…”

Is not from me, and can be seen as an improper impersonation (though I doubt that is the intended purpose).

Because it is redolent of someone else who posts fairly frequently in a,

1, Similar writing style
2, Similar cadence
3, Similar Time zone
4, Using a Google Drive link
5, On the same subject matter

That oft gets moderated with the same frequency.

As it is not by me and can be read as an “impersonation” — accidental or otherwise– it is in breach of the blog rules. Can you please either remove my name from it, or remove it entirely which ever is your preference.

Thanks in advance.

Dilbert December 23, 2025 6:38 AM

Whoever keeps posting this damned Google Drive link should be blocked. @Clive, I could tell immediately that it wasn’t you posting – as I’m sure most of our regulars could as well.

darkfader December 23, 2025 3:04 PM

Sitting on a train with time to read comments i have to say that odd post by fake Clive, apparently happily scizophreniac was quite something except the aniclimatic ending, i had expected more.

can’t give more than 1 star on that.

anonymous December 25, 2025 3:41 AM

I usually just ignore any comments other than clive’s and responders to clive. I was very surprised to see that gdrive nonsense above. Remove please. Also happy holidays everyone. Good riddance to rc4.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.