ntlm

Microsoft's decision to ship Windows in a "secure-by-default" state by disabling NTLM (NT LAN Manager) authentication by default marks one of the most consequential shifts in Windows security policy in decades, and it will force enterprises to confront years of legacy dependencies or accelerate...

Microsoft has declared an end of the road for NTLM as a secure default: network NTLM authentication will be blocked by default in upcoming Windows client and server releases, replaced by Kerberos-first behavior and a multi-year migration plan that delivers auditing, compatibility tooling, and...

Microsoft’s move to flip NTLM off by default in preview builds is the latest signal that the long, gradual retirement of a three‑decade‑old authentication relic is now an operational priority — and it will force IT teams to confront years of technical debt, compatibility traps, and process gaps...

Microsoft is preparing to ship Windows in a “secure‑by‑default” state that blocks network NTLM authentication unless an administrator explicitly allows it — a staged, multi‑phase program that replaces default NTLM fallbacks with a Kerberos‑first approach while shipping new Kerberos capabilities...

Microsoft is moving Windows toward a “Kerberos-first” default by phasing out New Technology LAN Manager (NTLM) as the out‑of‑the‑box network authentication option and shipping new Kerberos capabilities and telemetry to give administrators time to discover and remediate legacy dependencies before...

Microsoft is preparing to ship Windows in a "secure-by-default" state that blocks network NTLM authentication unless an organization explicitly allows it — a phased, multi-year shift that replaces legacy NTLM with Kerberos-first authentication and introduces new Kerberos capabilities (IAKerb and...

Microsoft’s long-running allowance for NTLM-based authentication is finally being reworked into history: the company has laid out a phased plan to clamp down on Network NTLM and push Windows environments toward Kerberos-first authentication, a move that promises real security gains but will...

Microsoft has assigned CVE-2026-20925 to an information-disclosure / spoofing defect in NTLM authentication — a File Explorer–adjacent weakness that, based on the vendor entry and community precedent, can cause a Windows host to leak NTLM negotiation material (NTLMv2 challenge/response blobs) to...

If your File Explorer preview pane suddenly stopped showing the contents of PDFs, Office documents or other files you just downloaded — and instead shows a blunt warning that “The file you are attempting to preview could harm your computer” — that behavior is not a bug: Microsoft intentionally...

Microsoft’s quiet but sweeping change to File Explorer — disabling the Preview pane for files flagged as coming from the Internet — is a security-first response to a proven NTLM credential‑theft vector that landed in the October 2025 Patch Tuesday updates and immediately rippled through...

Microsoft’s Security Update Guide records CVE-2025-58739 as a Windows File Explorer vulnerability that exposes sensitive information and can be abused for network‑level spoofing, a bug administrators should treat with urgency even though public technical detail remains intentionally minimal...

Microsoft has recorded CVE-2025-59185 as an external control of file name or path vulnerability in Windows Core Shell that Microsoft classifies as a spoofing issue and that security trackers map into the broader family of NTLM hash‑disclosure and spoofing problems that have been actively...

Microsoft’s September Patch Tuesday delivered a broad, operationally important set of security updates on September 9, 2025, covering Windows, Microsoft Office, SQL Server and related platform components — with industry trackers reporting roughly 80–86 CVEs patched and several high‑priority...

Microsoft’s September Patch Tuesday consolidates a large and varied set of fixes: Microsoft shipped updates covering roughly eighty CVEs across 15 product families, with a cluster of Elevation of Privilege (EoP) and Remote Code Execution (RCE) issues dominating the tally and a small set of...

Microsoft’s September Patch Tuesday delivers a heavy, operationally urgent security package: more than 80 CVEs across Windows, Office, Hyper‑V, Azure components and developer libraries, including eight items Microsoft rates critical and two vulnerabilities that were publicly disclosed before the...

Microsoft’s September 2025 Patch Tuesday delivers a heavy, operationally important security payload: this cycle addresses roughly 80 CVEs across Windows, Office, Azure, Hyper‑V and related components, including several critical remote‑code‑execution (RCE) and elevation‑of‑privilege (EoP) flaws...

Microsoft’s September 2025 Patch Tuesday shipped a wide-ranging set of fixes addressing 80 CVEs across Windows, Office, virtualization, and platform components — with eight rated Critical and 72 rated Important — and included several high-profile fixes for SMB, NTLM, NTFS, Office, SharePoint...

Microsoft’s September Patch Tuesday arrived with a broad set of fixes and a matching set of detection updates from Cisco Talos — including a new Snort ruleset — aimed at the most likely-to-be-exploited flaws this month. The update package contains dozens of CVEs spanning Windows core components...

Microsoft’s advisory that an improper authentication vulnerability in Windows NTLM can let an authenticated actor elevate privileges over the network is the latest warning flag in a year already crowded with NTLM-related incidents and active exploitation chains. The vendor entry the user...

Microsoft’s advisory for CVE-2025-54895 warns that an integer overflow or wraparound in the SPNEGO Extended Negotiation (NEGOEX) security mechanism can be triggered by an authorized local actor to elevate privileges, turning a legitimate local account into a pathway to SYSTEM-level control if...