To break into a Windows PC remotely, two main methods are used: reusing already compromised passwords, which are widely available either free of charge or for a fee, or the so-called brute force attack, which generates passwords until it finds the right one. But in practically all cases, the weak link that makes it possible to use one of these two methods against a remote computer remains the password.
To block, or rather mitigate, the range of brute force attacks via RDP, Microsoft has just reacted and is providing a security update for Windows 11. The idea is simply to lock user accounts completely for ten minutes in the event of repeated failed logon attempts over Remote Desktop, that is to say when attackers use the well-known RDP protocol.
@windowsinsider Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome! pic.twitter.com/ZluT1cQQh0
— David Weston (DWIZZZLE) (@dwizzzleMSFT) July 20, 2022
David Weston, vice president of security at Microsoft, announced the activation of the default lock function on his Twitter account. © Twitter
Lengthening attacks to discourage them
The accounts affected by this automatic lockout are not only the most sensitive ones, that is to say those of administrators, but also limited user accounts. After the ten minutes of blocking, if ten further attempts are made, the account is locked again for ten minutes. This process targets brute force attacks. These hindrances, with the temporary blocking of accounts, do not prevent a brute force attack at all, but they do limit it, because attackers have to persist much longer against a single account. At this time, the update is available only to members of the Windows Insider program. It should also be distributed for Windows 10. While this update adds the lockout by default, you should know that in reality it is already possible to activate the function on Windows 10 and 11 through the registry.
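As an added example that is not part of the article, the following PowerShell shows how an administrator can inspect and apply the same lockout values on a machine that has not yet received the update, and how to spot the failed RDP logons and resulting lockouts in the Security log. It assumes an elevated PowerShell session on Windows 10 or 11; the threshold of 5 used for the report is an arbitrary reporting cutoff, not part of the policy.

```powershell
# Added example (not from the article): inspect, apply and monitor the
# account lockout policy the article describes, on a local machine.
# Assumes an elevated PowerShell session on Windows 10/11.

# 1. Show the current local lockout policy (threshold, duration, window).
#    Without the new default, 'Lockout threshold' reads 'Never'.
net accounts

# 2. Apply the same values as the new default: lock after 10 failed
#    attempts, for 10 minutes, counting attempts within a 10-minute window.
#    (On a domain, set this in Group Policy under Account Lockout Policy.)
net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10

# 3. Detection: failed RDP logons (Event ID 4625, logon type 10 =
#    RemoteInteractive) in the last 10 minutes, grouped by account and source.
$since  = (Get-Date).AddMinutes(-10)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Account   = $d['TargetUserName']
            LogonType = [int]$d['LogonType']
            Source    = $d['IpAddress']
        }
    } | Where-Object { $_.LogonType -eq 10 }

# Account/source pairs with 5 or more failures in the window (arbitrary cutoff).
$failed | Group-Object Account, Source |
    Where-Object { $_.Count -ge 5 } |
    Select-Object @{ n = 'Account, Source'; e = { $_.Name } }, Count |
    Sort-Object Count -Descending

# 4. Lockouts the policy actually triggered (Event ID 4740). Properties[0] is
#    the locked account; on a domain these are logged on the PDC emulator.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Account'; e = { $_.Properties[0].Value } }
```

Failed attempts made after the account is already locked still produce 4625 events, so a burst that continues past the lockout is itself a sign the attacker has not given up.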