As reported by BleepingComputer (opens in new tab), recent Windows 11 Insider builds now come with the software giant’s Account Lockout Policy enabled by default. This policy automatically locks user accounts as well as admin accounts for 10 minutes after 10 failed sign-in attempts. While this new policy may be annoying for users who frequently forget or type their Windows passwords incorrectly, brute forcing is a common tactic used by hackers when trying to gain access to your Windows PC using RDP if they don’t know the password. In a recent tweet (opens in new tab), VP for enterprise and OS security at Microsoft, David Weston provided further insight on the company’s new Account Lockout Policy, saying: “Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks - this control will make brute forcing much harder which is awesome!”
Also coming to Windows 10
Although Microsoft’s new Account Lockout Policy will roll out to stable builds of Windows 11 first, it’s also being backported to devices still running Windows 10. Unfortunately, it’s not enabled by default and admins will need to go into the operating system’s Group Policy Management Console to turn it on. RDP has been used for years now to easily allow employees to connect to their office computers while working from home but it became incredibly important during the pandemic when remote working became the norm. As attacks targeting RDP services have increased, so too have the number of dark web marketplaces selling stolen RDP credentials.
Making things difficult for ransomware groups
In addition to making Windows passwords more difficult to brute force using automated tools, Microsoft has also made a number of security-focused changes to better protect Windows users. These include automatically blocking macros in Office when opening documents downloaded from the internet and requiring users to enable multi-factor authentication (MFA) in Azure Active Directory. RDP is often used as an initial access point when infecting Windows systems with ransomware, so Microsoft’s new Account Lockout Policy will prevent hackers from figuring out users’ passwords which will hopefully stop them from launching ransomware attacks.
