ADVERTISEMENT

Microsoft Windows moves to disable NTLM, a common attack vector for hackers

After decades on life support, Microsoft is finally flipping the kill switch for NTLM (New Technology LAN Manager), a built-in authentication system. Hackers favor NTLM for its weak security and vulnerability to relay attacks.

Microsoft NTLM

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Feb 3, 2026 Updated: 3 February 2026 2 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
IPv6
Image by Cybernews.
ADVERTISEMENT

What’s changing?

  • IAKerb and local Key Distribution Center (KDC) will allow Kerberos authentication to succeed in scenarios where domain controller (DC) connectivity previously forced NTLM fallback.
  • Local KDC will help ensure that local account authentication no longer forces NTLM fallback on modern systems.
  • Core Windows components will be upgraded to negotiate Kerberos first, reducing instances of NTLM usage.

ADVERTISEMENT