In the latest Windows 11 builds, Microsoft introduced default Account Lockout Policy which will automatically lock user accounts after 10 consecutive failed login attempts for 10 minutes.
The account brute forcing process involves inputting a massive number of passwords consecutively using automated tools. The new policy blocks such attacks and can be found in Windows 11 Insider Preview Build 22528.1000 and newer.
“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston, Microsoft’s VP for Enterprise and OS Security, stated. “This technique is commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome!”
Brute forcing credentials is a common methodology employed by hackers to infiltrate Windows systems via Remote Desktop Protocol (RDP) when they don’t know the account passwords. The use of Remote Desktop Services is so popular among hackers that the FBI said RDP is responsible for nearly 70-80% of all network breaches leading to ransomware assaults.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: