Microsoft Is Finally Killing RC4

After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows.

One of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued to respond to RC4-based authentication requests and return an RC4-based response. The RC4 fallback has been a favorite weakness hackers have exploited to compromise enterprise networks. Use of RC4 played a key role in last year’s breach of health giant Ascension. The breach caused life-threatening disruptions at 140 hospitals and put the medical records of 5.6 million patients into the hands of the attackers. US Senator Ron Wyden (D-Ore.) in September called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the continued default support for RC4.

Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension’s network.

Fun fact: RC4 was a trade secret until I published the algorithm in the second edition of Applied Cryptography in 1995.

Tags: , , , , ,

Posted on December 22, 2025 at 12:05 PM13 Comments

Comments

Ray Dillinger December 22, 2025 1:45 PM

Finally. My condolences for the lasting pain of seeing your flawed work used by people to the point of damaging themselves and others. I am glad you have finally been relieved of this burden.

And yeah, it’s a burden. I’ve made some outright mistakes too, or failed to anticipate user assumptions and likely but mistaken uses. The repercussions and damage from some of them are still playing out decades later.

But we can only do our best. Whatever 20/20 hindsight we may apply later we act or create only on the basis of what we understand in the moment. We exercise restraint only on the basis of the consequences we can anticipate in the moment. Failure to act for fear that we might be making a mistake would prevent us from doing anything at all, including all the good we can do.

And failure to try to help would be worse, IMO, than trying and falling short.

So try not to be bitter about it. On bad-brain days, I’m kind of bitter about a few of mine. I know I should try not to be. I know it’s a symptom of having a bad-brain day. But it still happens.

Clive Robinson December 22, 2025 6:16 PM

@ ALL,

Oh the fun of naming an attack

With regards,

Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting,

This time it’s like barbequing a dog on a spit or griddle, I’ll let everyone make their own mind up as to who “the dog” is 😉

But if you want to know more about “griddling the dog”,

Kerberoasting, Microsoft, and a Senator

When I came up with Kerberoasting in 2014, I never thought it would live for more than a year or two. I (erroneously) thought that people would clean up the poor, dated credentials and move to more secure encryption. Here we are 11 years later, and unfortunately it still works more often than it should.

The issue is any valid user (even a compromised one) can request a ticket for any server. This means an attacker can request and save tickets for any and all servers. With those tickets in hand, the attacker then makes a guess as to the server’s password and attempts to decrypt the tickets. Since the attack is offline, an attacker can attack the password as fast as their (often specialized) hardware will let them, up to billions of attempts per second. And with no lockout of the account due to the the attack being offline.

Tim Medin at,
https://redsiege.com/blog/2025/09/kerberoasting-microsoft-and-a-senator/

The thing is Microsoft’s “Active Directory”(AD) is one of it’s old “embrace and extend” policy ploys. Basically to take Open Standards and “add proprietary bits”. And yes it was a “dumb as duck 5h1t” thing to do, because it tied Microsoft’s hands rather more than it did their customers.

That is Microsoft had to support the lowest spec users and that costs mucho bucks in the long term[1].

Thus it’s trivial with AD for any person to request a ticket from “any server” and have the server claim it can only support RC4. Which makes the “offline cipher breaking” many times faster –getting on for a thousand times– than AES256.

Because Kerberos was designed at a time when the common idea was “be permissive” there was no black or white listing of users or servers or other security measures.

So the attack is fairly simple and I amongst others have been warning about “protocol ‘fall-back’ attacks” since you could do them via an easy plaintext “Man in The Middle”(MiTM) attack with just about every “protocol negotiation phase” in existence back last century…

As I’ve said before in many cases the lowest cipher is “plaintext” for “engineering test” but the software rarely if ever warns users it’s being used.

Because the prevailing view was, and in some cases still is,

“Don’t worry the user, they’ll phone tech-support and that will cost us big!”

But… Folks should look on this use of “Ron’s Code 4″(RC4) as a “back door gift” to various agencies and entities… Thus the question arising is,

“If Microsoft pulls this back door what is it going to do to ensure there is another back door for such agencies and entities?”

[1] Give you three guesses which clown came up with and pushed the ploy… a clue is “they must have been barmy”.

Clive Robinson December 22, 2025 6:30 PM

@ Bruce, ALL,

Something that is both relevant and bad news,

For Algorithms, a Little Memory Outweighs a Lot of Time

Space and time aren’t just woven into the background fabric of the universe. To theoretical computer scientists, time and space (also known as memory) are the two fundamental resources of computation. Algorithms require a roughly proportional amount of space to runtime, and researchers long assumed there was no way to achieve anything better. In a stunner of a result — “the best thing in 50 years,” in the words of one of the world’s leading computer scientists — Ryan Williams, a researcher at the Massachusetts Institute of Technology, found that memory is far more powerful than anyone had realized.

https://www.quantamagazine.org/for-algorithms-a-little-memory-outweighs-a-lot-of-time-20250521/

dm December 22, 2025 7:55 PM

Ultimate satisfaction will arrive when they are out of business for good.

Don’t do business with them – don’t talk to them – refuse any attempts at “kindness.” Remember how easily they played the Linux community and businesses with “patents.”

We see how well that embrace worked with Novell.

KC December 22, 2025 11:04 PM

Good and really, well, essential that Microsoft is making tools available to identify RC4 usage. I have to wonder if we’ll hear much commotion when RC4 goes dark by default mid-2026.

You know, I hadn’t also recalled how Ascension’s IT posture made it so vulnerable to the scale of the 2024 attack. A weak admin password, lack of network segmentation, not following principles of least privilege. Several Ars commentors viscerally recounted the landscape of IT offshoring and labor cuts.

In ciphers and security, unequivocally better to have evaluation by friend than foe.

Clive Robinson December 23, 2025 2:54 AM

@ Moderator,

I have a problem.

The above post using my name,

https://www.schneier.com/blog/archives/2025/12/microsoft-is-finally-killing-rc4.html/#comment-450864

Which with a long spiel that starts with,

“Imagine an immigrant…”

Is not from me, and can be seen as an improper impersonation (though I doubt that is the intended purpose).

Because it is redolent of someone else who posts fairly frequently in a,

1, Similar writing style
2, Similar cadence
3, Similar Time zone
4, Using a Google Drive link
5, On the same subject matter

That oft gets moderated with the same frequency.

As it is not by me and can be read as an “impersonation” — accidental or otherwise– it is in breach of the blog rules. Can you please either remove my name from it, or remove it entirely which ever is your preference.

Thanks in advance.

Dilbert December 23, 2025 6:38 AM

Whoever keeps posting this damned Google Drive link should be blocked. @Clive, I could tell immediately that it wasn’t you posting – as I’m sure most of our regulars could as well.

darkfader December 23, 2025 3:04 PM

Sitting on a train with time to read comments i have to say that odd post by fake Clive, apparently happily scizophreniac was quite something except the aniclimatic ending, i had expected more.

can’t give more than 1 star on that.

anonymous December 25, 2025 3:41 AM

I usually just ignore any comments other than clive’s and responders to clive. I was very surprised to see that gdrive nonsense above. Remove please. Also happy holidays everyone. Good riddance to rc4.

Francis Mayer January 15, 2026 10:27 AM

Information technology has received too much of a pass on liability. If all technology companies were held liable for all insecurities as they should be, this nonsense would stop. The law worldwide must change so as to hold all technology companies everywhere liable for flaws in their products especially flaws identified but not corrected in a timely manner. It is ridiculous that we allow technology companies to escape product liability law suits when we don’t allow that for any other sector.

Clive Robinson January 15, 2026 2:11 PM

@ Francis Mayer,

With regards,

“It is ridiculous that we allow technology companies to escape product liability law suits when we don’t allow that for any other sector.”

Actually we do allow other sectors to escape liability laws.

Think just about everything in the various finance industries, as a starting point. Worse there are several more… almost anything involving leasing likewise gets away with not being legislated for consumer protection.

Oh and don’t get me started on “renting” via “serviced lets” and similar.

There is a fairly serious reason why the software industry “licences” rather than “sells” and it has nothing what so ever to do with the usual nonsense handed out…

It’s all about moving everything to a “rent model” where you don’t own what you’ve paid for, therefore the product originator legally maintains ownership and you have no legal come back against them as legally you don’t own anything but they own it all. Thus legally you have no standing for remedial action under law other than to get a tiny fraction of your rent back if any.

Further as you

“If all technology companies were held liable for all insecurities as they should be, this nonsense would stop.”

Unfortunately most insecurities are not covered by any legal process because of the notion of,

“Act of deity, not man”.

Most instances of vulnerability even though in a known Class of vulnerability are usually “new” thus fall under the notion that they were,

“Not reasonably predictable, as they are new…”

The issue is quite simple,

1, Could this vulnerability have been known? With the predictable answer being “NO”…
2, So… because it’s “new” then liability falls to Act of God…
3, The wealthy get excused.
4, The poor pick up the bill.

There is a sinical statment about the wealth who in effect pay no tax, where as working jo(e)s hand over to the Government over half what they earn. The model fairly cynically is known as,

“Buy, Borrow, die”

That is you

1, Buy Assets
2, Use assets to get tax free loans and loop to 1.
3, Put assets into company holdings and distribute shares tax free into trusts that your family members gain control of.
4, When you die you have no or minimal assets on which to pay death duties.
5, Any debt in effect gets written off on your demise or if somebody has been astute gets covered by insurance which is not just tax free it’s tax deductable.

It’s why we have a “K shaped economy” the 1% of the 1% travel the upward road as their assets increase in value due to inflation. Whilst the rest of us travel the downward road as inflation destroys the value of savings and other monetary holdings like pensions and similar.

It’s why in the past I’ve talked of “real or asset value” and “faux or financial value” and used a ton of coal as an example of the two values involved.

All the software industry does is stop you obtaining an asset with all the benefit of ownership, just a lease, licence, or rent financial liability where there is no benefit other than that you can gain by use of the software.

Cory Doctorow was making the same point in his 39C3 talk in late December.

Winter January 16, 2026 4:43 AM

@Francis Mayer

It is ridiculous that we allow technology companies to escape product liability law suits when we don’t allow that for any other sector.

Tobacco, alcohol, soft-drinks, or snacks in general have not been bothered much for their major cause-of-death status.

For software the point is simple.

As the security and safety of a software program is unpredictable, the choice would be between using software or not using it at all.

With product liability, there would simply be no software to use. Any company silly enough to sell a program would be bankrupted by the fallout of the first bug.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.