Microsoft Retires Vulnerable Encryption Cipher After Years of Security Concerns

This article was generated by AI and cites original sources.

Microsoft has announced the discontinuation of an outdated encryption cipher that has been a security vulnerability for Windows users for over a decade. This decision comes in response to numerous cyberattacks that have exploited the weak cipher and recent criticism from US Senator Ron Wyden.

RC4, a stream cipher developed by cryptographer Ron Rivest in 1987, became the default encryption method for Windows Active Directory back in 2000. Despite being compromised shortly after its release, RC4 remained in use, even in encryption protocols like SSL and TLS, until recently.

Microsoft’s continued support for RC4 has made Windows servers a significant target for hackers looking to compromise enterprise networks. The outdated cipher played a crucial role in the breach of health organization Ascension, which led to severe disruptions in hospital operations and exposed sensitive patient records to attackers.

With the phasing out of RC4, Microsoft aims to enhance security by transitioning domain controllers to rely solely on the more robust AES encryption standard. This move is expected to bolster Windows server defenses against cyber threats and safeguard sensitive data from potential breaches.

Source: WIRED
