HomeWinBuzzer NewsMicrosoft Disables RC4 Support in Edge and Internet Explorer 11

Microsoft Disables RC4 Support in Edge and Internet Explorer 11

A year after promising to disable the RC4 stream cipher in Edge and IE 11, Microsoft has followed through. The decades-old cipher is now viewed as vulnerable and has already been disabled on rival browsers.

-

announced that the RC4 stream cipher has been disabled. The company announced last year that it would end support for RC4 on Edge (Windows 10) and Internet Explorer 11 (Windows 7 +). That commitment was reiterated earlier in the year because the cipher is cryptographically insecure. With yesterday's release of cumulative update KB3151631, Microsoft finally shuttered the stream.

It is hardly a surprise that Microsoft would want to close the stream. RC4 is a stream cipher that was originally designed in 1987. Since then it became a standard for . As well as Edge and Internet Explorer, it has been used in Mozilla Firefox and Chrome. It is noted for its simplicity and speed.

However, age has caught up with the cipher and many vulnerabilities have been found in modern times. Breaking it is hardly a tough task these days, so the Internet Engineering Task Force prohibited the use of RC4 with TLS in February 2015.

Shutting Down

Microsoft is late to the party in terms of disabling the RC4 cipher. Mozilla and Google have already pulled the plug, and so has Opera. Microsoft has been using the cipher as a fallback from TLS 1.2 or 1.1 to TLS 1.0. Microsoft explains what this means in its official blog post:

“A fallback to TLS 1.0 with RC4 is most often the result of an innocent error, but this is indistinguishable from a man-in-the-middle attack. For this reason, the cipher is now entirely disabled by default for and Internet Explorer users on Windows 7, Windows 8.1 and Windows 10.”

RC4 will now be disabled across the two browsers running on Windows 10 and Windows 7 through 8.1. The cipher is rarely used these days, so Microsoft points out that most users will not even know the difference.

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News