Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft NTLM phase-out and disable-by-default plan

Advisory/Mitigation
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft is rolling out a three-phase NTLM phase-out for Windows, pushing organizations to audit NTLM usage, migrate to Kerberos, and prepare for NTLM-off configurations.

Related Happenings

GhostTree and GhostBranch NTFS junction loops that evade recursive folder scanning

Technical Analysis
H score23 First: 16.06.2026 17:17 Last: 16.06.2026 17:17 Sources 1

About this happening: **GhostTree** and **GhostBranch** use recursive **NTFS junction** loops to generate effectively unlimited paths, allowing files in the same folder to evade **EDR** and **Windows D...

Windows search URI handler NTLMv2 hash disclosure security flaw (CVE-2026-33829)

Vulnerability
H score24 First: 03.06.2026 13:18 Last: 03.06.2026 13:18 Sources 1

About this happening: **Windows search: URI handler** has an **unpatched NTLMv2 hash disclosure flaw** that can let an attacker capture a user's Net-NTLMv2 hash through a crafted `search:` link. The we...

Windows Autopatch enables hotpatch security updates by default for eligible devices

Security Tool/Service
H score15 First: 11.03.2026 11:15 Last: 11.03.2026 11:15 Sources 1

About this happening: Microsoft is changing **Windows Autopatch** to enable **hotpatch security updates** by default, speeding security-fix rollout for eligible devices and reducing restart-related del...

Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview

Security Tool/Service
H score26 First: 10.03.2026 17:27 Last: 10.03.2026 17:27 Sources 1

About this happening: **Microsoft Entra** is adding **passkey support on Windows devices**, bringing **phishing-resistant passwordless authentication** via **Windows Hello**. The rollout reaches **publ...

Bitwarden adds passkey login for Windows 11 sign-in

Security Tool/Service
H score11 First: 05.03.2026 00:34 Last: 05.03.2026 00:34 Sources 1

About this happening: **Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.

Timeline

  1. 02.02.2026 17:59 2 articles · 5mo ago

    Microsoft announces NTLM phase-out roadmap for Windows

    Initial Disclosure

    Microsoft announced a three-phase plan to phase out NTLM in Windows and move enterprise authentication toward Kerberos-based options. The roadmap says NTLM was formally deprecated in June 2024, Phase 1 enhanced NTLM auditing is available now to show where and why NTLM is still used, Phase 2 will address migration roadblocks with IAKerb and local KDC while updating core Windows components to prioritize Kerberos in H2 2026, and Phase 3 will disable NTLM by default in the next version of Windows Server and the associated Windows client with explicit re-enablement controlled by policy.

    Show sources