Windows 11 wants to fight RDP brute force attacks

Microsoft made an interesting change in one of the latest development-stage builds of Windows 11: the account lockout policy is enabled by default. What does that mean ? What can it be used for?

With the account lockout policy enabled by default, and according to the configuration in place in this new build, Windows 11 will lock a user account for 10 minutes in case there are 10 failed login attempts within 10 minutes. This also applies to the local Administrator account.

On Twitter, Microsoft’s David Weston posted a tweet with the details of this new account lockout policy. Until now, although supported, this feature was configured to never lock an account, even with several dozen or hundreds of login attempts.

This change made in the build “Windows 11 Insider Preview 22528.1000” will allow fight against brute force attacks, i.e. when trying to loop through passwords to try to log into a user account. As part of Windows 11, this protection can be particularly useful on RDP access (if it is active) via Remote Desktop since the workstation may be the victim of a brute force attack from another machine on the network.

In terms of security, this is a good point to ensure a minimum level of protection for all Windows 11 users. David Weston specifies: “This technique is very commonly used in ransomware attacks and other attacks. This control will make brute force much harder, which is awesome!“.

Users of Windows 10 and other versions of Windows, be aware that you can manually configure the account lockout policy on a local machine, or via an Active Directory as I explained in a previous tutorial (see here).


By admin

Leave a Reply

Your email address will not be published. Required fields are marked *