Windows - Protection anti-brute force

Windows can block brute force attacks on the administrator account

Microsoft has just announced that all Windows machines where the October 2022 Update is installed can take advantage of a new security feature that consists of blocking brute force attacks on the administrator account.

Unveiled last July by David Weston, this new security-oriented feature aims to strengthen the protection of the Administrator account on Windows machines. Until now, we had been able to get a glimpse of Microsoft’s work only in the builds of Windows 11 in the development phase.

Today we learn that Force brute force protection on the Windows Administrator account is a feature available on all Windows machines where the October 2022 Cumulative Update is installed. Microsoft specifies : “In order to prevent new attacks/attempts by brute force, we are implementing a locking of administrator accounts.“.

This results in the appearance of a new GPO parameter (local or Active Directory) named “Allow Administrator account lockout“.

As an example, here is the local policy for a Windows 10 machine before installing the October Update (Windows 10 October 2022 Updates: KB5018410 and KB5018419):

Windows 10 - Before KB of October 2022

Then, after installing the update, we can see that a new parameter is available:

Windows 10 - After KB of October 2022

Attention, this new parameter will be activated by default on new installations of Windows 11 22H2, as well as any freshly installed Windows machines with the October 2022 Update deployed before the machine was fully initialized. Otherwise, it requires to do the configuration manually.

Microsoft recommends adopting the following setting for account lockout: lock a user account for 10 minutes in case there is 10 failed login attempts in a 10 minute time frame.

Microsoft also announced that local administrator accounts should use more complex passwords. Indeed, they”must have at least three of the four basic character types (lowercase, uppercase, numbers and symbols)“. Always with the objective of protecting administrator access.

Note that you can manually configure the account lockout policy through an Active Directory as I explained in a previous tutorial (see here).

Source

Logiciel – OS,Microsoft,Windows,

#Windows #block #brute #force #attacks #administrator #account

Leave a Comment

Your email address will not be published. Required fields are marked *