Microsoft Enhances Security Against NTLM Relay Attacks
/ 1 min read
🛡️✨ Microsoft enhances security against NTLM relay attacks in Windows Server 2025. As part of its ongoing efforts to phase out the outdated NTLM authentication protocol, Microsoft has introduced Extended Protection for Authentication (EPA) as the default setting in Windows Server 2025. This update aims to bolster defenses against NTLM relay attacks, which exploit the protocol’s challenge/response mechanism to misuse hashed user credentials. Recent vulnerabilities linked to NTLM and Office applications highlight the urgency of these enhancements. Additionally, channel binding for LDAP is now enabled by default, further strengthening security measures. Microsoft encourages administrators of earlier server versions to manually enable these protections to safeguard against potential exploits.
