Windows 11 to offer better protection against brute-force attacks

Share post:

The newly released Windows 11 Insider Preview Build 25206 for the Dev Channel will ensure that Windows 11 SMB server is better protected against brute-force attacks.

Microsoft has enabled the SMB authentication rate limiter by default and tweaking some of its settings to make such attacks less effective. Once turned on, the feature adds a delay between each failed NTLM authentication as additional protection for the SMB server service.

While the SME server will be launched automatically on all versions of Windows, it is only exposed to the internet only if the firewall is opened manually or a customer SMB share is created to open it.

“With the release of Windows 11 Insider Preview Build 25206 Dev Channel today, the SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication. This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take 50 hours at a minimum,” said Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group.

Administrators who want to take advantage of the new security feature on systems running Windows Server can activate it manually with the PowerShell command “Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n.”

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways