Your IT Consultant

Microsoft Blocks Brute Force Attacks on Admin Accounts

October 12, 2022

Cyber criminals are constantly looking for ways to gain unauthorized access to computer systems. While gaining access to a user account gets your foot in the door, having administrator rights is the golden ticket. BleepingComputer reported that Microsoft is helping by automatically blocking brute force attacks on administrator accounts via a group policy. Microsoft’s VP for Enterprise and OS Security, David Weston, said, “Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome!”

He further stated, “Beginning with the October 11, 2022 or later Windows cumulative updates, a local policy will be available to enable local administrator account lockouts.” There is now a new account lockout policy in the registry. All new machines running Windows 11 22H2 or the October 2022 cumulative updates will have the value available. To see if the setting is enabled, go to Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com