Microsoft’s SMB Server service on Windows 11 has received an update aimed at better defending it against brute force attacks.
In the latest Windows 11 2022 operating system update, Insider Preview Build 25206, which was recently pushed to the Dev Channel, the SMB authentication rate limiter is enabled by default.
In addition, some other settings have been tweaked to make these attacks “less effective”.
“With today’s release of Windows 11 Insider Preview Build 25206 Dev Channel, the SMB Server service now defaults to a 2-second default between each failed incoming NTLM authentication,” said Ned Pyle, principal program manager in the Microsoft Windows Server Engineering Group in a blog post (opens in new tab) Announcing the news.
“This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take at least 50 hours.”
In other words, by toggling the feature, there is a delay between each unsuccessful NTLM authentication attempt, making the SMB server service more resilient to brute force attacks.
“The goal here is to make a Windows client an unattractive target, either in a workgroup or for its local accounts once it’s domain-joined,” agreed Microsoft’s Amanda Langowski and Brandon LeBlanc.
The authentication rate limiter, which is not enabled by default, was first introduced in Windows Server, Windows Server Azure Edition, and Windows 11 Insider builds about six months ago. The SMB server, on the other hand, starts automatically in all versions. However, it must be exposed to the internet by manually opening a firewall.
Those interested in trying out the new feature will need to run this PowerShell command:
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n
“This behavior change does not affect Kerberos, which authenticates before an application protocol such as SMB connects. It is intended to provide another layer of defense in depth, especially for devices that are not domain-joined, such as B. Home users,” Pyle also said
https://www.techradar.com/news/windows-11-now-has-much-better-protection-against-brute-force-attacks Windows 11 now has much better protection against brute-force attacks