Microsoft Moves Closer to Disabling NTLM

By Ionut Arghire
Publication Date: 2026-02-02 11:31:00

The New Technology LAN Manager (NTLM) authentication protocol is nearing its end and will no longer be enabled in the next version of Windows Server, Microsoft says.

The legacy protocol has been present in Windows for over three decades, but it is susceptible to various types of attacks, including relay, replay, and man-in-the-middle attacks. Microsoft deprecated NTLM in favor of stronger, Kerberos-based alternatives.

Although it no longer receives updates or enhancements, NTLM is still used, exposing organizations to attacks due to the lack of authentication, weak cryptography, and limited diagnostic data.

“Despite its deprecated status, NTLM continues to be prevalent in environments where modern protocols, such as Kerberos, are not feasible due to legacy dependencies, network limitations, or ingrained application logic,” Microsoft notes.

The tech giant’s goal is to completely remove NTLM, and it is taking a three-phase approach to disable it by default…