Ars Technica

Internet Explorer always using Kerberos authentication... even when unsupported.

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity ...