Revamped "Start" Menu Interface
Microsoft has recently announced the deprecation of the Data Encryption Standard (DES), a symmetric-key block cipher introduced in the 1970s. Due to its antiquated nature, DES is now considered inadequate for defending against modern cryptographic attacks.
As part of this transition, support for DES will be removed in Windows 11 24H2, Windows Server 2025, and all subsequent releases. Microsoft strongly recommends that users migrate to the more secure and modern Advanced Encryption Standard (AES).
Currently, Windows does not include DES by default in these versions but provides it as an optional feature for users who still require it. This optional availability will continue until September 2025.
By September 2025, Microsoft will release a security update that permanently removes DES support. Applications and services that rely on DES may cease to function, so IT administrators are advised to proactively identify and disable DES and transition to AES-based encryption if necessary.
Microsoft has also outlined a gradual phase-out of DES encryption in Kerberos:
- Compatibility Mode: In Windows 7, Windows Server 2008 R2, and later Windows NT-based systems, DES in Kerberos is disabled by default.
- If Kerberos requires DES, administrators may manually configure support on compatible operating systems, except for Windows 11 24H2 and Windows Server 2025, where DES will no longer be configurable once the September 9, 2025 update is installed.
- Disabled Mode: Once DES support is removed from Kerberos, it will no longer function as an encryption option in Windows 11 24H2, Windows Server 2025, and all future versions.
- Any DES-based authentication mechanisms within Kerberos will fail to operate until IT administrators update applications and network configurations to use stronger encryption algorithms.
Furthermore, Microsoft will not proactively remove DES-related components from older Windows NT-based systems. The deprecation will apply only to Windows 11 24H2, Windows Server 2025, and later releases.
Related Posts:
- Windows 11 24H2: Microsoft Enforces Device Encryption by Default
- Lumma Stealer Malware Now Using ChaCha20 Cipher for Evasion
- Beyond the Ransom: Inside the Mind of Brain Cipher Ransomware Group
