Microsoft has made security improvements against brute-force attacks on RDP (Remote Desktop Protocol) in the latest version of the Windows 11 operating system.

What security enhancement is Microsoft providing against brute-force attacks?

As brute-force attacks that abuse RDP are increasing rapidly, Microsoft decided to add this security measure in the latest version of Windows 11, OS build 22528.1000. According to Microsoft, the new improvement automatically locks Windows accounts after 10 invalid login attempts within 10 minutes.

Most ransomware uses this type of attack against RDP, which is common in human-operated ransomware. With this security feature in the latest Windows versions, it will be difficult for cyber criminals to carry out these attempts. Microsoft attempted to activate this feature in Windows 10 itself, but it has been implemented by default in Windows 11 as a security feature to defend against cyberattacks.

The default policy is enabled at the following path: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy.
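To check a machine against the values described above, the following PowerShell script is an added example, not code from Microsoft or from this article. It exports the local security policy with `secedit` and compares the lockout threshold and counter-reset window with the 10 attempts / 10 minutes reported here; the lockout duration is only printed, because the article does not state it, and the temporary file name is an arbitrary choice.

```powershell
# Added example: compare the local account lockout policy with the values
# reported in the article (10 invalid attempts within 10 minutes).
# Run from an elevated PowerShell prompt; secedit needs administrator rights.
$ExpectedThreshold = 10   # invalid login attempts (from the article)
$ExpectedWindowMin = 10   # minutes (from the article)

$cfg = Join-Path $env:TEMP ("lockout-audit-{0}.inf" -f [guid]::NewGuid())
$policy = @{}
try {
    secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
        throw "secedit export failed (exit code $LASTEXITCODE). Is the shell elevated?"
    }
    # Pick the three lockout settings out of the exported template.
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(LockoutBadCount|ResetLockoutCount|LockoutDuration)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

$findings = @()
if (-not $policy.ContainsKey('LockoutBadCount') -or $policy['LockoutBadCount'] -eq 0) {
    # A threshold of 0 disables lockout, so password guessing is never throttled.
    $findings += 'Lockout threshold is 0 or missing: accounts never lock.'
}
else {
    if ($policy['LockoutBadCount'] -gt $ExpectedThreshold) {
        $findings += "Threshold $($policy['LockoutBadCount']) allows more than $ExpectedThreshold attempts."
    }
    if ($policy.ContainsKey('ResetLockoutCount') -and $policy['ResetLockoutCount'] -lt $ExpectedWindowMin) {
        $findings += "Counter resets after $($policy['ResetLockoutCount']) min, sooner than $ExpectedWindowMin."
    }
    if ($policy.ContainsKey('LockoutDuration')) {
        # Not stated in the article, so it is reported rather than judged.
        Write-Output "Lockout duration (raw secedit value): $($policy['LockoutDuration'])"
    }
}

if ($findings.Count -eq 0) { Write-Output 'PASS: lockout policy is at least as strict as 10 attempts / 10 minutes.' }
else { $findings | ForEach-Object { Write-Output "FINDING: $_" } }
```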

The other expected feature update, the blocking of VBA macros in Office documents, has also happened. The same features will be implemented in the latest versions of Windows and Windows Server. Brute-force access has been one of the most used cyberattack techniques, and the protection against it is now enabled.

Microsoft made these security changes after observing previous cyberattacks that gained initial unauthorized access to Windows systems. Most ransomware families, such as LockBit, Hive, PYSA, SamSam, Conti, and Dharma, are commonly known to abuse these types of RDP attacks on the infected computers.

How does this security measure affect Microsoft?

Microsoft hopes to significantly reduce initial unauthorized access to systems that run the latest version of the Windows operating system. With the new implementation, cyberattacks against weak or default passwords used on Windows systems can be reduced.

But Microsoft warns that these new security features can be exploited by cybercriminal groups using DDoS attack techniques. In that case, it would be possible to launch brute-force attempts in parallel against enterprise accounts over RDP, which would let them use Microsoft's new security enhancement to block those accounts.

By Michael

The writer at Infohaunt is a cyber security professional with experience in SOC operations, threat management, incident response, threat hunting, and digital forensics.