Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    Microsoft is killing off this authentication protocol in Windows - here's why

    aum

    By aum,
    Published Date:

    • 334 views
    • 2 minutes
     Share
    • 334 views
    • 2 minutes

    An old tool is finally being thrown out in Windows 11

     

    Microsoft is stripping Windows 11 users of an old protocol that authenticates remote users.

     

    The New Technology LAN Manager (NTLM) was effectively usurped by Kerberos, the MIT-developed cross-platform tool which works as the authentication protocol for any version of Windows since Windows 2000. 

     

    In fact, Microsoft even recommended users refrain from using NTLM way back in 2010. However, it has still been kept around as a backup incase Kerberos fails. But now it is finally getting the axe.

     

    NTLM no more


    NTLM is considered weak from a security standpoint, as it has been exploited many times by threat actors to authenticate connection between their target's network and their own malicious servers. From here they can take over their victim's machines. 

     

    Attackers have also been able to steal NTLM hashes of passwords from targets via vulnerabilities in their system, using them to authenticate access to the victim's system and move throughout their network.

     

    For these reasons, Microsoft has long been recommending that admins disable NTLM or block their servers from NTLM relay attacks by using Active Directory Certificate Services (AD CS). 

     

    As a replacement for NTLM, Microsoft is currently developing IAKerb (Initial and Pass Through Authentication Using Kerberos) and the Local KDC (Local Key Distribution Center).

     

    The former is built on the Security Account Manager of the local machine, so remote authentication can be implemented using Kerberos. IAKerb is then used to transmit Kerberos messages between machines, "without having to add support for other enterprise services like DNS, netlogon, or DCLocator," said Matthew Palko at Microsoft.

     

    "IAKerb also does not require us to open new ports on the remote machine to accept Kerberos messages," he added.

     

    While Palko also said that "NTLM will continue to be available as a fallback to maintain existing compatibility," more controls will be available to admins to monitor and restrict NLTM within their network. 

     

    Palko concludes, though, that "reducing the use of NTLM will ultimately culminate in it being disabled in Windows 11."

     

    Source

    • Ha91 and Mutton
    • Like 2
     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...