top of page

Minimizing the RDP attack vector with Microsoft Account Lockout Policy

Microsoft announced that in the latest Windows 11 builds the Account Lockout Policy was enabled by default, which doubles as a fail-safe against Remote Desktop Protocol (RDP) brute-forcing attempts.

Apparently, this change will soon be backported to older Windows versions, especially the Server editions.


RDP is a Microsoft protocol that enables administrators to access desktop computers. It is a popular remote access tool with the shift to remote working. Since it gives the user complete control over the device, it is a valuable entry point for threat actors, especially ransomware operators.

Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, the attack involved submitting many passwords in a row until the right one is “guessed”.


The policy automatically locks user accounts for 10 minutes after failing 10 login attempts in a row. It also applies to Administrator accounts.


Find out more Help Net Security

Comments


Latest news

bottom of page