RDP Brute Force Attacks Blocked By Windows 11

A small but important feature was recently incorporated by the Windows 11 design team.  A new Account Lockout Policy enabled by default has been added.  This policy automatically locks user accounts (including Admin accounts) after ten failed sign-in attempts.

The account remains in a locked state for ten minutes, requiring users to wait that amount of time before they can try again.

The addition was made in a bid to prevent or at least minimize the risk of brute force attacks being made against systems. This is used in instances where different passwords are tried in rapid succession until an attacker gets a hit and is given some level of access on a target system.

It’s an excellent change because many human operated ransomware attacks rely on simple, brute force methods. Statistics gathered on the subject by the FBI indicate that between 70 to 80 percent of network breaches are because of brute force attacks.

The above describes the default settings, but Admins will have a great degree of flexibility in terms of deciding the exact policy.  The number of unsuccessful attempts before lockout can be varied. The lockout duration can be varied. The option to disable Admin accounts can be toggled on or off. Of course, the entire policy can be disabled if an Admin so desires.

Interestingly, Windows 10 has a similar lockout policy but it is not enabled by default, which is the important change here.

We regard this as another of those small but important changes that the Windows 11 team is making designed to make the new OS better, safer, and more secure than anything that Microsoft has released previously.

Kudos to the Microsoft engineers who are working tirelessly to ensure Windows 11 is a smashing success.  If the preview we’ve gotten to this point is any indication, it certainly will be!