Hello and welcome to the Wednesday, December 17th, 2025 edition of the Sands Internet Storm Centers

Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida. And this episode

is brought you by the Sands.edu graduate certificate program in cybersecurity leadership.

I want to start today's podcast, not sort of with breaking news, but with an issue that has come up beginning of the month and is something that you probably should address early next year.

So now is the time kind of to get ready and get organized to get this worked out.

And that's Microsoft discontinuing RC4 for all the occasion.

Hopefully for your organization, this will be really a non-event.

The last version of Windows that did require R-S4 was Windows Server 2003, if I

remember correctly, so hopefully don't have 20-plus year-old systems around, but we all know

it's easier set than done, and yes, sometimes these legacy systems are hanging around.

So what Microsoft did in order to support this transition is that they came up with an

extensive blog, a website here, Beyond RC4 for Windows authentication, that goes over some

of the steps that you can take in order to make sure

that you won't be affected once RC4 will at least by default be disabled for authentication

with Active Directory. Now that turnover will be mid next year, so again, you still have some time.

And what they did now to get ready for it was to

enable additional logging in the security events that basically log what authentication

mechanisms are used and what are available. If you do have one of the newers like ES and such

available and you still use RC4, well, in this case,

it may just be as easy as changing the particular user's password, which again may not necessarily

be easy. They also do provide PowerShell scripts to search your logs for any accounts that may

need to be updated

...