1 min read

Microsoft Blocks RDP Brute-Force Attacks by Default in Windows 11

Vlad CONSTANTINESCU

July 22, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Microsoft Blocks RDP Brute-Force Attacks by Default in Windows 11

In the latest Windows 11 builds, Microsoft enabled the Account Lockout Policy by default, which doubles as a fail-safe against RDP brute-forcing attempts.

The policy automatically locks user accounts for 10 minutes after failing 10 login attempts in a row. It also applies to Administrator accounts.

Brute-force attacks involve inputting a massive number of passwords consecutively, most commonly relying on automation and scripts or extracting them from a dictionary file. As the Account Lockout Policy blocks accounts that input the wrong password 10 times in a row, it could defeat brute-forcing.

Microsoft implemented the changes in its latest Windows 11 builds, starting with Insider Preview 22528.1000.

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” said Microsoft VP for Enterprise and OS Security David Weston in a tweet yesterday. “This technique is very commonly used in Human Operated Ransomware, and other attacks - this control will make brute forcing much harder,” the announcement continues.

Although Microsoft only enabled the Account Lockout Policy by default on Windows 11, the feature is also available on Windows 10. However, it requires manual activation, which you can do by following these steps:

  1. Hit the Win key on your keyboard and type Group Policies
  2. Open Edit group policies
  3. Head to Local Computer Policy >Windows Settings > Security Settings > Account Policies > Account Lockout Policy
  4. Set the Account lockout duration, Account lockout threshold, and Reset account lockout counter after settings according to your preferences

This is not Microsoft’s first attempt to diminish the efficacy of certain types of cyberattacks by disabling features in its products by default. Earlier this year, Microsoft announced disabling Visual Basic for Applications (VBA) macros by default in some of its products. Although the company recently withdrew its decision, it seems to have come around and disabled the macros by default for good.

tags


Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like

Bookmarks


loader