Minimizing the RDP attack vector with Microsoft Account Lockout Policy
- Admin
- Jul 24, 2022
- 1 min read
Microsoft announced that in the latest Windows 11 builds the Account Lockout Policy was enabled by default, which doubles as a fail-safe against Remote Desktop Protocol (RDP) brute-forcing attempts.
Apparently, this change will soon be backported to older Windows versions, especially the Server editions.
RDP is a Microsoft protocol that enables administrators to access desktop computers. It is a popular remote access tool with the shift to remote working. Since it gives the user complete control over the device, it is a valuable entry point for threat actors, especially ransomware operators.
Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, the attack involves submitting many passwords in a row until the right one is “guessed”.
The policy automatically locks user accounts for 10 minutes after 10 consecutive failed login attempts. It also applies to Administrator accounts.
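As an added example (not part of the article, and not Microsoft's own tooling), the following PowerShell script audits a Windows host's local Account Lockout Policy against the values the article reports (10 failed attempts, 10-minute lockout), optionally applies them with `net accounts`, and then summarises lockout (Event ID 4740) and failed-logon (Event ID 4625) events from the Security log so a defender can see whether password guessing is actually hitting the host. It assumes an elevated PowerShell session, an English-locale `net accounts` output (the parsing regexes match the English labels), and that Security-log auditing of logon events is enabled; the parameter names and the `Get-LockoutPolicy` helper are the example's own.

```powershell
# Added example (not from the article): audit the local Account Lockout Policy
# against the values the article reports (10 failed attempts -> 10-minute lockout)
# and summarise recent lockout / failed-logon events from the Security log.
# Run in an elevated PowerShell session on the Windows host being checked.
#
# Assumptions: English-locale 'net accounts' output; logon auditing enabled so the
# Security log contains Event ID 4625 (failed logon) and 4740 (account locked out).

param(
    [int]$ExpectedThreshold = 10,   # failed attempts before lockout (from the article)
    [int]$ExpectedDuration  = 10,   # lockout length in minutes (from the article)
    [switch]$Apply                  # set the policy if it is disabled or weaker than expected
)

function Get-LockoutPolicy {
    # Parse the three lockout settings out of 'net accounts' (hypothetical helper name).
    $raw = net accounts
    $policy = @{}
    foreach ($line in $raw) {
        if     ($line -match '^Lockout threshold:\s+(.+)$')                        { $policy.Threshold = $matches[1].Trim() }
        elseif ($line -match '^Lockout duration \(minutes\):\s+(.+)$')             { $policy.Duration  = $matches[1].Trim() }
        elseif ($line -match '^Lockout observation window \(minutes\):\s+(.+)$')   { $policy.Window    = $matches[1].Trim() }
    }
    return $policy
}

$current = Get-LockoutPolicy
Write-Host "Current policy: threshold=$($current.Threshold) duration=$($current.Duration) window=$($current.Window)"

# 'Never' means lockout is disabled; a threshold above the expected one is weaker.
$weak = ($current.Threshold -eq 'Never') -or ([int]$current.Threshold -gt $ExpectedThreshold)
if ($weak) {
    Write-Warning "Account lockout is disabled or weaker than $ExpectedThreshold attempts."
    if ($Apply) {
        # net accounts changes the local policy immediately. The observation window
        # must not exceed the lockout duration, so both are set to the same value.
        net accounts /lockoutthreshold:$ExpectedThreshold /lockoutduration:$ExpectedDuration /lockoutwindow:$ExpectedDuration
        Write-Host "Policy updated:" ((Get-LockoutPolicy) | Out-String)
    }
}

# Detection side: lockouts (4740) and failed logons (4625) in the last 24 hours.
$since    = (Get-Date).AddHours(-24)
$lockouts = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } -ErrorAction SilentlyContinue
$failed   = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue

Write-Host "Account lockouts in last 24h: $(@($lockouts).Count)"
Write-Host "Failed logons in last 24h:    $(@($failed).Count)"

# Group failed logons by source address to spot a single host trying many passwords.
# Note: with Network Level Authentication, RDP failures are usually recorded with
# logon type 3 (network) rather than 10 (RemoteInteractive), so no logon-type filter
# is applied here; the source address is what matters for spotting a guessing run.
$failed |
    ForEach-Object {
        $xml = [xml]$_.ToXml()
        ($xml.Event.EventData.Data | Where-Object Name -eq 'IpAddress').'#text'
    } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object -First 10 Name, Count |
    Format-Table -AutoSize
```

Run it without `-Apply` first to see the current policy and the failed-logon breakdown; add `-Apply` to enforce the 10/10 values on a host that reports `Never` or a higher threshold. On domain-joined machines the domain Group Policy overrides the local setting, and 4740 events for domain accounts are written on the domain controller rather than on the member host, so run the detection half there instead.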
Find out more: Help Net Security
