After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. > of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, > Microsoft upgraded Active Directory to support the much more secure AES > encryption standard. But by default, Windows servers have continued to respond > to RC4-based authentication requests and return an RC4-based response. The RC4 > fallback has been a favorite weakness hackers have exploited to compromise > enterprise networks. Use of RC4 played a ...

Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system.