Windows update could help defend against an all-too-common cyberattack
It seems that the anti-brute-force mechanism Microsoft implemented in Windows 11 less than a month ago is working, as the company has decided to extend it to all other supported versions of the operating system.
In an announcement, Microsoft explained that IT administrators can now configure their systems to automatically block these types of attacks on local administrator accounts through a group policy.
“In an effort to prevent further brute force attacks/attempts, we are implementing account lockouts for administrator accounts,” Microsoft said. “As of the cumulative Windows updates of October 11, 2022 or later, a local policy is available to enable local administrator account lockouts.”
Testing the features with Windows 11
Microsoft first introduced the change in late September, with the Insider Preview Build 25206, by making the SMB authentication speed limiter enabled by default. A number of other settings have been adjusted to make these attacks “less effective” as well.
“The SMB server service now defaults to a default value of 2 seconds between each failed inbound NTLM authentication,” said Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group, at the time.
“This means that if an attacker previously sent 300 brute force attempts per second from a client (90,000 passwords) for 5 minutes, the same number of attempts would now take at least 50 hours.”
In other words, by enabling the feature, there is a delay between each failed NTLM authentication attempt, making the SMB server service more resilient to brute-force attacks.
To enable the feature, IT administrators need to search Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies for the “Allow administrator account lockout” policy.
Along with this change, Microsoft has also changed the way all local administrator passwords are set, requiring at least three of the four basic character types: lowercase, uppercase, numbers, and symbols.
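As an added example (not from the article or from Microsoft), the following PowerShell audits a local machine for the two settings described above and works out how long the 90,000-attempt scenario would take at the configured SMB delay. It assumes an elevated session, that the lockout policy exports through secedit under the key name AllowAdministratorLockout, and that the SMB delay is exposed as the InvalidAuthenticationDelayTimeInMs property of Get-SmbServerConfiguration.

```powershell
#Requires -RunAsAdministrator
# Added audit script; not part of the article or of any Microsoft tooling.

function Get-LocalLockoutPolicy {
    # secedit exports the local security policy as an INI-style file whose
    # [System Access] section carries the account lockout values.
    $tmp = Join-Path $env:TEMP 'secpol-export.inf'
    secedit /export /cfg $tmp /quiet | Out-Null
    $ini = @{}
    foreach ($line in Get-Content $tmp) {
        if ($line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') { $ini[$matches[1]] = $matches[2] }
    }
    Remove-Item $tmp -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # "Allow administrator account lockout" (1 = enabled); key name assumed
        AllowAdministratorLockout = $ini['AllowAdministratorLockout']
        LockoutBadCount           = $ini['LockoutBadCount']   # 0 = never lock out
        LockoutDuration           = $ini['LockoutDuration']   # minutes
        ResetLockoutCount         = $ini['ResetLockoutCount'] # minutes
    }
}

function Get-BruteForceDurationHours {
    # Wall-clock cost of a serial guessing run when every failure is delayed.
    param([int]$Attempts = 90000, [int]$DelayMs = 2000)
    [math]::Round(($Attempts * $DelayMs) / 3600000, 1)   # 90000 x 2000 ms = 50 h
}

function Test-BruteForceHardening {
    $pol = Get-LocalLockoutPolicy
    $smb = Get-SmbServerConfiguration
    $findings = @()
    if ($pol.AllowAdministratorLockout -ne '1') {
        $findings += 'Local administrator lockout is not enabled ("Allow administrator account lockout").'
    }
    if (-not $pol.LockoutBadCount -or [int]$pol.LockoutBadCount -eq 0) {
        $findings += 'Account lockout threshold is 0: accounts are never locked out.'
    }
    $delay = $smb.PSObject.Properties['InvalidAuthenticationDelayTimeInMs']
    if ($null -eq $delay) {
        $findings += 'This build does not expose an SMB invalid-authentication delay.'
    } else {
        $hours = Get-BruteForceDurationHours -DelayMs $delay.Value
        if ($delay.Value -lt 2000) {
            $findings += "SMB failed-NTLM delay is $($delay.Value) ms (90,000 guesses take ~$hours h); default is 2000 ms."
        }
    }
    if ($findings.Count -eq 0) { 'OK: lockout policy and SMB delay match the described defaults.' } else { $findings }
}

Test-BruteForceHardening
```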
Via BleepingComputer