• Windows update could help defend against an all-too-common cybera

    From TechnologyDaily@1337:1/100 to All on Wed Oct 12 14:00:04 2022
    Windows update could help defend against an all-too-common cyberattack

    Date:
    Wed, 12 Oct 2022 12:39:06 +0000

    Description:
    All supported Windows versions are getting better protection against brute-force attacks, thanks to a new policy.

    FULL STORY ======================================================================

    It appears the anti-brute-force mechanism Microsoft implemented in Windows 11 less than a month ago is working, as the company has decided to expand it to all other supported versions of the operating system.

    In an announcement, Microsoft explained that IT admins can now configure their systems to automatically block these types of attacks against local admin accounts through a group policy.

    "In an effort to prevent further brute force attacks/attempts, we are implementing account lockouts for Administrator accounts," Microsoft said. "Beginning with the October 11, 2022 or later Windows cumulative updates, a local policy will be available to enable local administrator account lockouts."

    Testing the features with Windows 11

    Microsoft first introduced the change in late September, with the Insider Preview Build 25206, by enabling the SMB authentication rate limiter by default. A couple of other settings have been tweaked to make these attacks less effective, as well.

    "The SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication," Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group, said at the time.

    "This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take 50 hours at a minimum."

    In other words, with the feature turned on, there is a delay between each unsuccessful NTLM authentication attempt, which makes the SMB server service more resilient to brute-force attacks.

    To turn the feature on, IT admins should look under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies for the "Allow Administrator account lockout" policy.
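
An added example, not from the article or from Microsoft: a PowerShell audit of a secedit policy export for the lockout and password settings described here. The key names read from [System Access], in particular AllowAdministratorLockout, and the sample export are assumptions to confirm against an export from a patched system.

```powershell
# Added example. Input is the text of a security policy export, produced on a
# live system from an elevated prompt with:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   $lines = Get-Content "$env:TEMP\secpol.inf"

function Get-SystemAccessSettings {
    param([string[]]$Lines)
    $settings = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Only key/value pairs inside [System Access] are collected.
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $text -match '^([^=]+)=(.*)$') {
            $settings[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $settings
}

function Test-AdminLockoutPolicy {
    param([string[]]$Lines)
    $s = Get-SystemAccessSettings -Lines $Lines
    $findings = @()
    # Assumed key name for the "Allow Administrator account lockout" policy.
    if ($s['AllowAdministratorLockout'] -ne '1') {
        $findings += 'Allow Administrator account lockout is not enabled'
    }
    # A threshold of 0 (or a missing key) means no account is ever locked out,
    # so the administrator lockout policy has nothing to enforce.
    if ([int]$s['LockoutBadCount'] -eq 0) {
        $findings += 'Account lockout threshold is 0 (lockout disabled)'
    }
    if ($s['PasswordComplexity'] -ne '1') {
        $findings += 'Password complexity is not enforced'
    }
    $findings
}

# Constructed sample export (not taken from a real machine).
$sample = @'
[Unicode]
Unicode=yes
[System Access]
PasswordComplexity = 1
LockoutBadCount = 0
AllowAdministratorLockout = 1
[Event Audit]
AuditSystemEvents = 0
'@ -split '\r?\n'

Test-AdminLockoutPolicy -Lines $sample
```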

    Together with this change, Microsoft also altered how all local admin passwords are set up, requiring at least three of the four basic character types - lower case, upper case, numbers, and symbols.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/windows-update-could-help-defend-against-an-all-too-common-cyberattack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)