Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html
Publish Date: 2026-02-02 10:59:00
Source Domain: thehackernews.com
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options.
The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad actors to gain unauthorized access to network resources. NTLM was formally deprecated in June 2024 and no longer receives updates.
“NTLM consists of security protocols originally designed to provide authentication, integrity, and confidentiality to users,” Mariam Gewida, Technical Program Manager II at Microsoft, explained. “However, as security threats have evolved, so have our standards to meet modern security expectations. Today, NTLM is susceptible to various attacks, including replay and man-in-the-middle attacks, due to its use of weak cryptography.”
Despite the deprecated status, Microsoft said it continues to find the use of NTLM prevalent in enterprise environments where modern protocols like Kerberos cannot be implemented due to legacy dependencies, network limitations, or ingrained application logic. This, in turn, exposes organizations to security risks, such as replay, relay, and pass-the-hash attacks.

To mitigate this problem in a secure manner, the company has adopted a three-phase strategy that paves the way for NTLM to be disabled by default –
- Phase 1: Building visibility and control using enhanced NTLM auditing to better understand where and why NTLM is still being used (Available now)
- Phase 2: Addressing common roadblocks that prevent a migration away from NTLM through features like IAKerb and local Key Distribution Center (KDC) (pre-release), as well as updating core Windows components to prioritize Kerberos authentication (Expected in H2 2026)
- Phase 3: Disabling NTLM in the next version of…
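As an added example (not from the article or from Microsoft), this is the kind of inventory Phase 1 auditing is meant to produce: successful-logon records (Security log Event ID 4624) are grouped by authentication package to show which hosts and accounts still rely on NTLM, with NTLMv1 flagged for migration first. The records are constructed samples shaped like exported 4624 fields, not real telemetry.

```python
from collections import Counter

# Constructed sample records shaped like Event ID 4624 fields as exported
# from the Windows Security log (e.g. via Get-WinEvent or a SIEM); not real data.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "svc_backup", "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V1", "LogonType": 3, "WorkstationName": "OLDNAS01", "IpAddress": "10.0.5.20"},
    {"EventID": 4624, "TargetUserName": "alice", "AuthenticationPackageName": "Kerberos",
     "LmPackageName": "-", "LogonType": 3, "WorkstationName": "WS-ALICE", "IpAddress": "10.0.1.11"},
    {"EventID": 4624, "TargetUserName": "bob", "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "LogonType": 3, "WorkstationName": "-", "IpAddress": "10.0.9.7"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "LogonType": 3, "WorkstationName": "OLDNAS01", "IpAddress": "10.0.5.20"},
    {"EventID": 4625, "TargetUserName": "bob", "AuthenticationPackageName": "NTLM",
     "LmPackageName": "-", "LogonType": 3, "WorkstationName": "-", "IpAddress": "10.0.9.7"},
    {"EventID": 4624, "TargetUserName": "carol", "AuthenticationPackageName": "Negotiate",
     "LmPackageName": "NTLM V2", "LogonType": 3, "WorkstationName": "WS-CAROL", "IpAddress": "10.0.1.12"},
]

def ntlm_inventory(events):
    """Count NTLM logons per source host and per account; list NTLMv1 uses separately."""
    by_source, by_account = Counter(), Counter()
    ntlmv1, kerberos = [], 0
    for e in events:
        if e.get("EventID") != 4624:      # successful logons only; 4625 failures are skipped
            continue
        pkg = e.get("AuthenticationPackageName", "")
        lm = e.get("LmPackageName", "-")
        if pkg == "Kerberos":
            kerberos += 1
            continue
        # Negotiate may fall back to NTLM; the LM package field reveals when it did.
        if not (pkg == "NTLM" or (pkg == "Negotiate" and lm.startswith("NTLM"))):
            continue
        src = e.get("WorkstationName", "-")
        if src == "-":                    # workstation name is often absent; fall back to IP
            src = e.get("IpAddress", "-")
        by_source[src] += 1
        by_account[e.get("TargetUserName", "?")] += 1
        if lm == "NTLM V1":
            ntlmv1.append((src, e.get("TargetUserName")))
    return {"ntlm_by_source": by_source, "ntlm_by_account": by_account,
            "ntlmv1": ntlmv1, "kerberos_logons": kerberos}

if __name__ == "__main__":
    inv = ntlm_inventory(SAMPLE_EVENTS)
    print("NTLM by source :", dict(inv["ntlm_by_source"]))
    print("NTLM by account:", dict(inv["ntlm_by_account"]))
    print("NTLMv1 first   :", inv["ntlmv1"], "| Kerberos logons:", inv["kerberos_logons"])
```

On a real export the same grouping over a few weeks of logs gives the "where and why" list that Phase 2 features such as IAKerb and the local KDC are meant to address.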