Default protection in Windows 11
The default policy given by Microsoft is for windows 11 build 22528.1000. It will instantly lock the accounts for ten minutes if 10 invalid sign-in attempts are carried out. Though this account locking feature was already available in Windows 10 but it was not enabled by default. In Windows 11 this feature will automatically work. The objective of adding the default protection is to weaken the efficiency of RDP attack vector and foresee invasions that use password guessing and IDs.
Protection Against RDP Brute-Force Attacks
As is said by David Weston, Microsoft’s vice president for OS security and enterprise:
“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks — this control will make brute forcing much harder which is awesome!”
Brute–forced RDP access is the favorite of all the possible methods used among the threat actors. With the help of this method, they gain unauthorized access to Windows systems. The company representative said last year:
“Brute-forcing RDP is the most common method used by threat actors attempting to gain access to Windows systems and execute malware. Threat actors scan for […] publicly open RDP ports to conduct distributed brute-force attacks. Systems that use weak credentials are easy targets, and, once compromised, attackers sell access to the hacked systems on the dark web to other cybercriminals.”
Malicious macros, LockBit, Conti, Dharma, Hive, SamSam, and Crysis are also dangerous hazards that attack the systems and create a great mess. These rely on RDP for holding the roots and then, later on, display their hideous actions.
The steps taken by Microsoft will surely raise the security baseline for windows 11 and will meet the surfacing risk landscape.
Also Read: Microsoft is giving Windows 11 an attractive useful taskbar – PhoneWorld