Microsoft is ending support for the RC4 encryption cipher, which has been part of Windows for 26 years. This decision follows a long history of security issues linked to RC4, including severe hacks that exploited its vulnerabilities. RC4 was introduced with Active Directory in 2000 and has been criticized for its weaknesses since the mid-1990s when researchers demonstrated significant attacks against it. Despite these known flaws, RC4 continued to be used in various encryption protocols, such as SSL and TLS, until around a decade ago. The move to deprecate RC4 comes after Microsoft upgraded Active Directory to support the more secure AES encryption standard but continued to allow RC4-based authentication by default. This persistence has made it easier for hackers to breach networks, notably in the 2022 attack on Ascension, where the use of RC4 contributed to disruptions at 140 hospitals and compromised the medical records of 5.6 million patients. Senator Ron Wyden has publicly criticized Microsoft, urging the Federal Trade Commission to investigate what he termed “gross cybersecurity negligence” related to the company’s failure to remove default support for RC4. Microsoft's recent announcement to phase out RC4 is aimed at addressing its vulnerability to Kerberoasting attacks, which have been known since 2014. This type of attack was a key factor in the breach of Ascension's network, highlighting the urgent need for stronger security measures. The shift away from RC4 reflects broader efforts in the tech industry to eliminate outdated and insecure encryption methods.