Microsoft Blocks RDP Brute-Force Attacks by Default in Windows 11

Buy Bitdefender In India

In the latest Windows 11 builds, Microsoft enabled the Account Lockout Policy by default, which doubles as a fail-safe against RDP brute-forcing attempts.

The policy automatically locks user accounts for 10 minutes after failing 10 login attempts in a row. It also applies to Administrator accounts.

Brute-force attacks involve inputting a massive number of passwords consecutively, most commonly relying on automation and scripts or extracting them from a dictionary file. As the Account Lockout Policy blocks accounts that input the wrong password 10 times in a row, it could defeat brute-forcing.

Microsoft implemented the changes in its latest Windows 11 builds, starting with Insider Preview 22528.1000.

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” said Microsoft VP for Enterprise and OS Security David Weston in a tweet yesterday. “This technique is very commonly used in Human Operated Ransomware, and other attacks – this control will make brute forcing much harder,” the announcement continues.

Although Microsoft only enabled the Account Lockout Policy by default on Windows 11, the feature is also available on Windows 10. However, it requires manual activation, which you can do by following these steps:

  1. Hit the Win key on your keyboard and type Group Policies
  2. Open Edit group policies
  3. Head to Local Computer Policy >Windows Settings > Security Settings > Account Policies > Account Lockout Policy
  4. Set the Account lockout duration, Account lockout threshold, and Reset account lockout counter after settings according to your preferences

This is not Microsoft’s first attempt to diminish the efficacy of certain types of cyberattacks by disabling features in its products by default. Earlier this year, Microsoft announced disabling Visual Basic for Applications (VBA) macros by default in some of its products. Although the company recently withdrew its decision, it seems to have come around and disabled the macros by default for good.