"Microsoft Updates Windows 11 With Default Protection From RDP Brute-Force Attacks"

Microsoft is now taking measures to thwart Remote Desktop Protocol (RDP) brute-force attacks as part of the most recent releases of the Windows 11 operating system. Accounts are automatically locked for ten minutes after ten unsuccessful sign-in attempts in Windows 11 builds, namely Insider Preview versions 22528.1000 and newer. Although this account lockout feature is available in Windows 10, it is not enabled by default. The capability is also expected to be backported to earlier versions of Office, following the decision to continue restricting Visual Basic for Applications (VBA) macros for Office documents.

Apart from malicious macros, brute-forced RDP access has long been one of the most common methods used by threat actors to gain unauthorized access to Windows computers. LockBit, one of the active ransomware groups in 2022, is thought to frequently use RDP for its initial foothold and subsequent operations. Other families that have been observed using a similar approach include Conti, Hive, Crysis, PYSA, SamSam, and Dharma.

The goal of implementing this new threshold is to significantly reduce the potency of the RDP attack vector and to prevent attacks that rely on brute-force password guessing and stolen credentials. This article continues to discuss the new default account lockout policy for Windows 11 builds, brute-forced RDP access as a popular method among threat actors, and how the account lockout threshold policy option may be abused to launch Denial-of-Service (DoS) attacks.
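The following PowerShell is an added example and is not part of the CyberIntelMag article or of any Microsoft tooling. It reads the local account lockout policy with the built-in `net accounts` command, compares it with the Windows 11 default described above (lockout after 10 failed attempts, 10-minute duration), and can apply those values with `net accounts` switches. It assumes an elevated session on a machine whose effective policy is the local one; on a domain-joined host a domain Group Policy can override the local setting, and the `Get-LocalLockoutPolicy`, `Test-LockoutPolicy` and `Set-Win11LockoutDefault` function names are chosen here for illustration.

```powershell
# Added example, not from the article. Inspect and set the local account
# lockout policy that Windows 11 builds 22528.1000+ enable by default.

function ConvertFrom-NetAccountsValue {
    # `net accounts` prints "Never" for a disabled threshold; treat it as 0.
    param([string]$Value)
    $v = $Value.Trim()
    if ($v -eq 'Never') { return 0 }
    return [int]$v
}

function Get-LocalLockoutPolicy {
    # Parse the three lockout lines printed by `net accounts`.
    $policy = @{ Threshold = $null; DurationMinutes = $null; WindowMinutes = $null }
    foreach ($line in (net accounts)) {
        if ($line -match '^Lockout threshold:\s*(.+)$') {
            $policy.Threshold = ConvertFrom-NetAccountsValue $Matches[1]
        }
        elseif ($line -match '^Lockout duration \(minutes\):\s*(.+)$') {
            $policy.DurationMinutes = ConvertFrom-NetAccountsValue $Matches[1]
        }
        elseif ($line -match '^Lockout observation window \(minutes\):\s*(.+)$') {
            $policy.WindowMinutes = ConvertFrom-NetAccountsValue $Matches[1]
        }
    }
    return [pscustomobject]$policy
}

function Test-LockoutPolicy {
    # Return findings relative to the Windows 11 default (10 attempts / 10 min).
    param([pscustomobject]$Policy = (Get-LocalLockoutPolicy))
    $findings = @()
    if ($Policy.Threshold -eq 0) {
        $findings += 'Lockout disabled (Windows 10 default): RDP brute force is unthrottled.'
    }
    elseif ($Policy.Threshold -gt 10) {
        $findings += "Threshold $($Policy.Threshold) is weaker than the Windows 11 default of 10."
    }
    if ($Policy.Threshold -gt 0 -and $Policy.DurationMinutes -eq 0) {
        # Duration 0 means locked until an admin unlocks it; this is the setting
        # most exposed to the DoS abuse the article mentions.
        $findings += 'Lockout duration 0 (until admin unlock): raises exposure to lockout-based DoS.'
    }
    return $findings
}

function Set-Win11LockoutDefault {
    # Apply the Windows 11 default values; -WhatIf shows the command only.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess('local SAM', 'net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10')) {
        net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10
    }
}

# Usage:
$current = Get-LocalLockoutPolicy
$current | Format-List
$issues = Test-LockoutPolicy -Policy $current
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { 'Lockout policy meets the Windows 11 default.' }
# Set-Win11LockoutDefault -WhatIf
```

Once the threshold is enabled, pair it with monitoring of Security event ID 4740 (account locked out) alongside 4625 (failed logon): a burst of 4740 events across many accounts from one source is the signature of the lockout-based DoS the article warns about, rather than of a credential-guessing campaign that the policy has contained.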

CyberIntelMag reports "Microsoft Updates Windows 11 With Default Protection From RDP Brute-Force Attacks"
