All supported Windows versions getting better against brute-force attacks
It appears the anti-brute-force mechanism Microsoft implemented in Windows 11 less than a month ago is working, as the company has decided to expand it to all other supported versions of the operating system.
In an announcement, Microsoft explained that IT admins can now configure their systems to automatically block these types of attacks against local admin accounts through a group policy.
“In an effort to prevent further brute force attacks/attempts, we are implementing account lockouts for Administrator accounts,” Microsoft said. “Beginning with the October 11, 2022 or later Windows cumulative updates, a local policy will be available to enable local administrator account lockouts.”
Testing the features with Windows 11
Microsoft first introduced the change in late September, with the Insider Preview Build 25206, by making the SMB authentication rate limiter enabled by default. A couple of other settings have been tweaked to make these attacks “less effective”, as well.
“The SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication,” Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group, said at the time.
“This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take 50 hours at a minimum.”
In other words, with the rate limiter enabled, each unsuccessful NTLM authentication attempt over SMB is followed by a delay, making the SMB server service more resilient to brute-force attacks.
To turn the feature on, IT admins should navigate to Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies and enable the “Allow Administrator account lockout” policy.
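The lockout only protects the built-in Administrator account when the new policy is enabled and a non-zero lockout threshold is also set, so an admin will usually want to verify both. The PowerShell below is an added example, not from the article or from Microsoft; it assumes an elevated prompt on a machine with the October 2022 (or later) cumulative update, and that secedit's exported INF carries the policy under [System Access] with the key name AllowAdministratorLockout (an assumption, alongside the documented LockoutBadCount, LockoutDuration and ResetLockoutCount keys).

```powershell
# Added example: audit the local Account Lockout Policy via a secedit export.
# Assumes the [System Access] section of the exported INF contains the keys
# LockoutBadCount, LockoutDuration, ResetLockoutCount and AllowAdministratorLockout
# (the last key name is an assumption for the October 2022 policy).
function Get-LocalLockoutPolicy {
    $cfg = Join-Path $env:TEMP 'secpol-audit.inf'
    # Export the effective local security policy to a temporary INF file.
    secedit /export /cfg $cfg /quiet | Out-Null
    $wanted = 'LockoutBadCount', 'LockoutDuration', 'ResetLockoutCount', 'AllowAdministratorLockout'
    $policy = @{}
    foreach ($line in Get-Content $cfg) {
        # INF lines look like "LockoutBadCount = 10"
        if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)' -and $wanted -contains $matches[1]) {
            $policy[$matches[1]] = [int]$matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Threshold           = $policy['LockoutBadCount']      # 0 means accounts never lock out
        DurationMinutes     = $policy['LockoutDuration']
        ResetMinutes        = $policy['ResetLockoutCount']
        AdminLockoutEnabled = ($policy['AllowAdministratorLockout'] -eq 1)  # $false if key absent
    }
}

function Test-AdminLockoutProtection {
    $p = Get-LocalLockoutPolicy
    # The built-in Administrator is only protected when BOTH conditions hold.
    if (-not $p.AdminLockoutEnabled) {
        return "NOT PROTECTED: 'Allow Administrator account lockout' is disabled or not available (update missing?)"
    }
    if (-not $p.Threshold -or $p.Threshold -eq 0) {
        return "NOT PROTECTED: lockout threshold is 0, so no account ever locks out"
    }
    return "PROTECTED: Administrator locks out after $($p.Threshold) failed attempts for $($p.DurationMinutes) minute(s)"
}

Test-AdminLockoutProtection
```

Run it before and after changing the policy in gpedit to confirm the export reflects the new setting; a missing key on an unpatched system is reported as not protected rather than as an error.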
Together with this change, Microsoft also altered how all local admin passwords are set up, requiring at least three of the four basic character types – lower case, upper case, numbers, and symbols.