Windows update could help defend against an all-too-common cyberattack

All supported Windows versions getting better against brute-force attacks


It appears the anti-brute-force mechanism Microsoft implemented in Windows 11 less than a month ago is working, as the company has decided to expand it to all other supported versions of the operating system.

In an announcement, Microsoft explained that IT admins can now configure their systems to automatically block these types of attacks against local admin accounts through a group policy.

“In an effort to prevent further brute force attacks/attempts, we are implementing account lockouts for Administrator accounts,” Microsoft said. “Beginning with the October 11, 2022 or later Windows cumulative updates, a local policy will be available to enable local administrator account lockouts.”

Testing the features with Windows 11


Microsoft first introduced the change in late September, with the Insider Preview Build 25206, by making the SMB authentication rate limiter enabled by default. A couple of other settings have been tweaked to make these attacks “less effective”, as well.

“The SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication,” Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group, said at the time.

“This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take 50 hours at a minimum.”


In other words, with the feature turned on, every unsuccessful NTLM authentication attempt is followed by a delay, which makes the SMB server service more resilient to brute-force attacks.


To turn the feature on, IT admins should search Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies for the “Allow Administrator account lockout” policy.

Together with this change, Microsoft also altered how all local admin passwords are set up, requiring at least three of the four basic character types: lowercase letters, uppercase letters, numbers, and symbols.
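The following PowerShell audit script is an added example, not code from the article or from Microsoft: it reproduces the arithmetic in Ned Pyle's quote and then reports whether the SMB authentication rate limiter and the administrator account lockout policy described above are active on the local machine. It assumes a Windows host with the October 2022 (or later) cumulative update, an elevated session, and that the exported security template exposes the lockout setting under the key name AllowAdministratorLockout (an assumption; the LockoutBadCount key and the InvalidAuthenticationDelayTimeInMs SMB setting are the documented names).

```powershell
#Requires -RunAsAdministrator
# Added audit script, not from the article or from Microsoft. Assumes a Windows host
# with the October 2022 (or later) cumulative update and an elevated session.

function Get-BruteForceEstimate {
    # The arithmetic behind Ned Pyle's quote: N attempts with a fixed per-failure delay.
    param([int]$AttemptsPerSecond = 300, [int]$DurationSeconds = 300, [int]$DelayMs = 2000)
    $attempts = $AttemptsPerSecond * $DurationSeconds        # 90,000 in the quoted case
    $hours    = $attempts * $DelayMs / 1000 / 3600           # 50 hours at 2,000 ms
    [pscustomobject]@{ Attempts = $attempts; MinimumHours = [math]::Round($hours, 1) }
}

function Test-SmbAuthRateLimiter {
    # InvalidAuthenticationDelayTimeInMs is the SMB server setting behind the limiter:
    # 0 disables it, 2000 is the default the article describes.
    $delay = (Get-SmbServerConfiguration).InvalidAuthenticationDelayTimeInMs
    if ($null -eq $delay) { return 'SMB limiter: setting not present (update missing?)' }
    if ($delay -ge 2000)  { return "SMB limiter: ON ($delay ms per failed NTLM auth)" }
    "SMB limiter: WEAK ($delay ms); fix: Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000"
}

function Get-SecPolValue([string[]]$Lines, [string]$Key) {
    # Pulls one numeric value out of an exported security template (.inf).
    $m = $Lines | Select-String -Pattern "^\s*$Key\s*=\s*(\d+)" | Select-Object -First 1
    if ($m) { [int]$m.Matches[0].Groups[1].Value } else { $null }
}

function Test-AdminLockoutPolicy {
    # secedit exports the local policy; lockout settings live under [System Access].
    # AllowAdministratorLockout as the template key name is an assumption here.
    $inf = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $inf /quiet | Out-Null
    $lines = Get-Content -Path $inf
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
    $allow     = Get-SecPolValue $lines 'AllowAdministratorLockout'
    $threshold = Get-SecPolValue $lines 'LockoutBadCount'
    if ($allow -eq 1 -and $threshold -gt 0) {
        return "Admin lockout: ON (locks after $threshold bad attempts)"
    }
    "Admin lockout: OFF (AllowAdministratorLockout=$allow, LockoutBadCount=$threshold)"
}

Get-BruteForceEstimate | Format-List
Test-SmbAuthRateLimiter
Test-AdminLockoutPolicy
```

Run it on a handful of servers before and after the update rolls out to confirm the defaults actually landed; a host that still reports a 0 ms delay or no lockout threshold is the one a password-spraying campaign will find first.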

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
