Jul 21 2022

Microsoft adds default protection against RDP brute-force attacks

Category: Security Operations CenterDISC @ 9:37 am

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollout of the default blocking of VBA macros obtained from the internet.

Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.

Minimizing the RDP attack vector

The Windows Account Lockout Policy allows enterprise network admins to set a lockout threshold – a specific number of failed logon attempts – after which a user account will be locked.

Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, the attack involved submitting many passwords in a row until the right one is “guessed”.

From Windows 11 build 22528.1000 and onwards, the account lockout threshold is, according to Bleeping Computer, set to 10 failed login attempts in 10 minutes, which should make this type of attack harder to pull off.

The revelation has set off calls for the control to be backported to older Windows and Windows Server version – a move that’s apparently in the works.


Minimizing the effect of Brute Force Attack 

Tags: Microsoft, RDP brute-force attacks