Windows 11 now has much better protection against brute-force attacks

It’s going to take a lot more time to try out numerous combinations

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsoft’s SMB server service onWindows 11has been given an update aimed at making it better at defending against brute-force attacks.

In theoperating system’s latestWindows 11 2022 update, the Insider Preview Build 25206, recently pushed to the Dev Channel, SMB authentication rate limiter is enabled by default.

What’s more, a couple of other settings have been tweaked to make these attacks “less effective”.

Unattractive target

“With the release ofWindows 11Insider Preview Build 25206 Dev Channel today, the SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication,” Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group, said in ablog postannouncing the news.

“This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000passwords), the same number of attempts would now take 50 hours at a minimum.”

In other words, by toggling the feature on, there is a delay between each unsuccessful NTLM authentication attempt, making theSMB serverservice more resilient to brute-force attacks.

“The goal here is to make a Windows client an unattractive target either when in a workgroup or for its local accounts when joined to a domain,” Microsoft’s Amanda Langowski and Brandon LeBlanc chimed in.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The authentication rate limiter, which is not enabled by default, was first introduced to Windows Server, Windows Server Azure Edition, and Windows 11 Insider builds, some six months ago. The SMB server, on the other hand, does launch automatically on all versions. It needs to be exposed to the internet, though, by manually opening a firewall.

Brute-force attacks targeting MSSQL servers, Microsoft warns>Microsoft sounds the alarm over new wave of password spraying attacks>These are the best firewalls right now

Those interested in trying out the new feature need to run this PowerShell command:

Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n

“This behavior change has no effect on Kerberos, which authenticates before an application protocol like SMB connects. It is designed to be another layer of defense in depth, especially for devices not joined to domains such as home users,” Pyle also said

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

The M4 Mac mini has removable, modular storage – and an important SSD upgrade