
Minimizing the RDP attack vector with Microsoft Account Lockout Policy

Microsoft announced that in the latest Windows 11 builds the Account Lockout Policy was enabled by default, which doubles as a fail-safe against Remote Desktop Protocol (RDP) brute-forcing attempts.

Apparently, this change will soon be backported to older Windows versions, especially the Server editions.


RDP is a Microsoft protocol that enables administrators to access desktop computers remotely. It has become a popular remote access tool with the shift to remote working. Since it gives the user complete control over the device, it is a valuable entry point for threat actors, especially ransomware operators.

Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, the attack involves submitting many passwords in a row until the right one is “guessed”.


The policy automatically locks a user account for 10 minutes after 10 consecutive failed login attempts. It also applies to Administrator accounts.
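To make the policy's effect on a brute-force burst concrete, the following added Python example (not from the article or from Microsoft) replays constructed failed-logon records through the threshold/duration rules; the 10-minute observation window that resets the failure counter, the account names and the source IP addresses are assumptions.

```python
from datetime import datetime, timedelta

# Windows 11 defaults described above; the observation window is an assumption
LOCKOUT_THRESHOLD = 10                      # failed logons before the account locks
LOCKOUT_DURATION = timedelta(minutes=10)    # how long the account stays locked
OBSERVATION_WINDOW = timedelta(minutes=10)  # failures older than this are forgotten

def make_events():
    """Constructed sample of failed-logon records (timestamp, account, source IP)."""
    t0 = datetime(2022, 7, 25, 9, 0, 0)
    events = []
    # Brute-force burst: 15 attempts against 'administrator', 20 s apart, one source
    for i in range(15):
        events.append((t0 + timedelta(seconds=20 * i), "administrator", "203.0.113.5"))
    # Legitimate user mistyping a password three times, 15 min apart: never locks
    for i in range(3):
        events.append((t0 + timedelta(minutes=15 * i), "alice", "198.51.100.7"))
    return sorted(events)

def simulate_lockouts(events, threshold=LOCKOUT_THRESHOLD,
                      duration=LOCKOUT_DURATION, window=OBSERVATION_WINDOW):
    """Replay failed logons through the lockout rules.
    Returns (locks, rejected): locks maps account -> lock start times; rejected
    lists (time, account, source) attempts that hit an already-locked account."""
    counters = {}      # account -> (failure count, time of last failure)
    locked_until = {}  # account -> time the lock expires
    locks, rejected = {}, []
    for ts, account, source in events:
        if account in locked_until:
            if ts < locked_until[account]:
                rejected.append((ts, account, source))  # attempt blocked by the lock
                continue
            del locked_until[account]      # lock expired; counter starts fresh
            counters.pop(account, None)
        count, last = counters.get(account, (0, None))
        if last is not None and ts - last > window:
            count = 0                      # observation window elapsed: reset
        count += 1
        counters[account] = (count, ts)
        if count >= threshold:
            locked_until[account] = ts + duration
            locks.setdefault(account, []).append(ts)
            counters.pop(account, None)
    return locks, rejected

if __name__ == "__main__":
    locks, rejected = simulate_lockouts(make_events())
    print(locks, len(rejected), "attempts rejected while locked")
```

The rejected attempts are what a defender would see continuing after the lock, which is why a lockout event itself is worth alerting on.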


Find out more: Help Net Security
