Kerberos
The latest Kerberos coverage — news, analysis, and updates from the WindowsNews.AI desk.
IAKerb & LocalKDC in Windows 11 Kill NTLM Fallbacks
Microsoft is arming upcoming Windows 11 and Windows Server Insider builds with two new Kerberos authentication extensions—IAKerb and LocalKDC—designed to finally sever the long-standing...
CVE-2026-27912 Kerberos EoP Vulnerability: Microsoft's Confidence Metric and Enterprise Security Implications
Microsoft's CVE-2026-27912 reveals a critical Kerberos elevation of privilege vulnerability that could allow attackers to gain domain administrator privileges without requiring user interaction. The...
Microsoft's March 2026 Patch Fixes Critical Active Directory Vulnerability CVE-2026-25177
Microsoft released a critical security update on March 10, 2026, addressing CVE-2026-25177, an elevation-of-privilege vulnerability in Active Directory Domain Services. The company rates this...
Microsoft Patches Critical Kerberos Security Bypass CVE-2026-24297 in March 2026 Update
Microsoft released a security update on March 10, 2026 addressing CVE-2026-24297, a Windows Kerberos security feature bypass vulnerability rated as important. This patch resolves a race condition in...
Microsoft Begins NTLM Deprecation: Windows Preview Blocks Legacy Protocol by Default
Microsoft has taken a decisive step in its long-running campaign to retire the NTLM authentication protocol, announcing that Windows 11 preview builds will now block NTLM by default. This move...
Windows Kerberos First: Microsoft Details NTLM Deprecation Timeline
Microsoft has officially announced a comprehensive, phased plan to deprecate and eventually remove NTLM (NT LAN Manager) authentication from Windows environments, marking a significant shift in the...
Microsoft sets AES as default Kerberos encryption, RC4 removal targeted by 2026.
Microsoft is embarking on a significant security overhaul of its Kerberos authentication protocol, with changes that will fundamentally alter how Windows domain controllers handle encryption. The...
January 2026 Kerberos Hardening & Secure Boot Changes: What Windows Admins Must Know
Microsoft's January 2026 security update marks a significant turning point in Windows security infrastructure, initiating a multi-year transition toward stronger authentication protocols and...
Microsoft's Kerberos OOB Updates: Fixing Domain Controller Sign-in Failures
In November 2022, Microsoft released a series of emergency, out-of-band (OOB) updates to address a critical Kerberos authentication regression that was causing sign-in failures and remote access...
Windows Kerberos Security Overhaul: AES Default, RC4 Deprecation by 2026
Microsoft is fundamentally changing a core security protocol that has been in place for decades, announcing that Windows Kerberos authentication will default to AES encryption types while completely...
Windows Kerberos Security Overhaul: AES-SHA1 Default, RC4 Disabled by Mid-2026
Microsoft has announced a significant security milestone that will reshape Windows authentication infrastructure for years to come. By mid-2026, domain controllers running Windows Server 2008 and...
Windows Kerberos RC4 Deprecation: AES Default by Mid-2026, What You Need to Know
Microsoft has announced a definitive timeline for retiring the vulnerable RC4 cipher in Windows Kerberos authentication, marking a significant security milestone that will affect enterprise...