Windows 11 now blocks RDP brute force attacks by default

Brute-force cracking is the most common attack method on the Internet. Attackers only need to make a password dictionary in advance to use scripts to perform high-frequency login attempts. Therefore, if the account password used by the user is a weak password, it is easy to be exposed, which is also common in Windows Remote Desktop.

In the underground black market, the sale of remote desktop passwords is also a big deal. There have been cases where the remote desktop passwords of multiple control systems of an airport have been sold. For this reason, Microsoft began to implement the RDP brute-force attack blocking strategy in Windows 11. If 10 failed sign-in attempts, it will be locked for 10 minutes.

Windows 11 Account Lockout Policy (David Weston)

Supported versions are Windows 11 Build 22528 and above, which is the beta version currently being tested in the Windows 11 22H2 channel. By default, Microsoft changed its RDP policy to prevent brute force attacks. In fact, this policy can be changed in group policy, but it has not been changed by default before. Other versions, such as the original versions of Windows 10 and Windows 11, should also enable this policy in the future to improve the security of various devices.
Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston, Microsoft’s VP for Enterprise and OS Security, tweeted Thursday.

This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome!

Via: bleepingcomputer