NTLM to be deprecated from Windows 11
Ravie Lakshmanan, The Hacker News, Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses
Microsoft has decided to deprecate the NTLM authentication protocol in Windows 11, describing the move as one of the ongoing efforts the company is making to improve security and keep users' data safe.
What is NTLM?
NTLM is short for New Technology LAN Manager, an older authentication protocol that Windows used to verify the identity of users and computers. It has served for many years, but NTLM has known security weaknesses and is considered less safe than newer methods such as Kerberos and Active Directory Federation Services.
Why is NTLM being replaced?
Microsoft has decided to retire NTLM mainly because of its security issues. NTLM is vulnerable to several kinds of attacks, including pass-the-hash, relay attacks, and password spraying, any of which can give attackers unauthorized access to systems and data.
By removing NTLM, Microsoft aims to reduce the opportunity for these attacks and make Windows 11 more secure overall.
What does this mean for Windows 11 users?
NTLM will not disappear from Windows 11 overnight, and Microsoft has not given a timeline for its removal. Users can, however, expect NTLM to be gradually replaced by more secure methods of logging in.
What are the alternatives to NTLM?
Microsoft recommends migrating to these authentication methods:
Kerberos: The most widely deployed authentication protocol, providing strong security and integrating well with Active Directory.
Active Directory Federation Services: A federation service that allows single sign-on (SSO) to various applications and services.
Modern authentication protocols: OAuth 2.0, OpenID Connect and others, most commonly used by web applications.
How can organizations prepare for the NTLM deprecation?
Organisations that rely on NTLM should already be planning their move to modern authentication methods, following steps such as:
Inventory NTLM usage: Enumerate all applications and systems that rely on NTLM authentication.
Check compatibility: Verify that these applications and systems support modern authentication methods.
Plan the migration: Define the move to modern authentication, including timelines, the resources required, and how the change will be tested.
Apply security best practices: Strengthen defenses against potential attacks for the duration of the transition.
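As an added illustration of the inventory step (this script is not from the article or from Microsoft), the following PowerShell collects NTLM logons from the local Security log and summarises which accounts, source addresses and NTLM versions are still in use. It assumes it is run elevated on a server or domain controller whose Security log records Event ID 4624 (successful logon, audited by default); the output path is a placeholder.

```powershell
# Added example: inventory NTLM logons from Security Event ID 4624.
# Assumes an elevated session on a host that audits logon success; $OutCsv is a hypothetical path.
param(
    [int]$Days = 7,
    [string]$OutCsv = ".\ntlm-inventory.csv"
)

$since = (Get-Date).AddDays(-$Days)

# 4624 = successful logon. Its event data names the authentication package
# (Kerberos, NTLM, Negotiate) and, for NTLM, LmPackageName ("NTLM V1" or "NTLM V2").
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction Stop

$ntlm = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['AuthenticationPackageName'] -ne 'NTLM') { continue }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        Account     = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        LmPackage   = $d['LmPackageName']     # "NTLM V1" is the most urgent to migrate
        LogonType   = $d['LogonType']         # 3 = network, 10 = remote interactive, ...
        Source      = $d['IpAddress']
        Workstation = $d['WorkstationName']
    }
}

# Group by account, NTLM version and source so each row is one dependency to migrate.
$summary = $ntlm | Group-Object Account, LmPackage, Source |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Account';     e = { $_.Group[0].Account } },
        @{ n = 'LmPackage';   e = { $_.Group[0].LmPackage } },
        @{ n = 'Source';      e = { $_.Group[0].Source } },
        @{ n = 'Workstation'; e = { $_.Group[0].Workstation } }

$summary | Format-Table -AutoSize
$ntlm | Export-Csv -NoTypeInformation -Path $OutCsv

$v1 = ($ntlm | Where-Object LmPackage -eq 'NTLM V1').Count
Write-Host "NTLM logons in the last $Days days: $($ntlm.Count) (NTLMv1: $v1). Details written to $OutCsv"
```

A single host's 4624 events only show logons to that host; for a domain-wide view, the "Network security: Restrict NTLM: Audit NTLM authentication in this domain" policy writes NTLM usage to the Microsoft-Windows-NTLM/Operational log on the domain controllers, which the same parsing approach can be pointed at.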
Conclusion: Removing NTLM from Windows 11 is a major step toward security enhancement and protection of user data. Organizations should now take necessary steps to prepare for this change so that migration to modern authentication techniques can be smooth and secure.
Sources:
Microsoft Documentation: https://learn.microsoft.com/en-us/windows-server/security/kerberos/ntlm-overview
BleepingComputer: https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-windows-ntlm-authentication-protocol/
The Hacker News: https://thehackernews.com/2023/10/microsoft-to-phase-out-ntlm-in-favor-of.html