Windows Server Insider Build 25075 Brings New Brute Force Attack Prevention Capabilities
Microsoft has announced the release of a new Windows Server Insider Preview Build 25075. The latest build is for the next Long-Term Servicing Channel (LTSC) release for the OS, which should be Windows Server version 2022.
This new Windows Server build brings new security capabilities that should help organizations to prevent brute-force dictionary attacks. Microsoft has introduced a new SMB NTLM authentication limiting feature, which adds a 2-second delay between each failed New Technology LAN Manager (NTLM) or PKU2U-based authentication request.
“Starting in Windows Insider build 25069.1000.220302-1408 and later on Windows 11 and Windows Server 2022, the SMB Server service now implements a default 2-second delay between each failed NTLM-based authentication. This means that if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes, the same number of attempts would now take 25 hours at a minimum,” the Windows Server Insider team explained.
For those unfamiliar, Server Message Block (SMB) is a popular file server protocol. It lets users communicate with remote PCs and servers to access their resources such as files and directories or perform tasks like sharing, opening, and editing documents.
The SMB server service is usually enabled on non-file server machines so that users can access remote files and copy logs. However, threat actors could abuse the SMB authentication mechanism to launch brute-force dictionary attacks on vulnerable machines. The new SMB NTLM authentication limiting feature allows IT admins to slow down brute-force attacks targeted at SMB endpoints.
The Windows Server Insider team has recently released a 3-minute video demonstration of the SMB NTLM Authentication Rate Limiter feature.
The SMB NTLM Authentication Rate Limiter feature can cause issues with select third-party apps
Keep in mind that this new SMB NTLM Authentication Rate Limiter is still an experimental feature, and it may trigger issues with select third-party applications. The company also encourages Windows Server users to provide their feedback on the Feedback Hub.
Microsoft is also planning to bring this feature to Windows 11 Insider Dev Channel and Windows Server Azure Edition Insider builds in the coming weeks. If you’re interested, you can learn more about the new SMB NTLM authentication rate limiter in Microsoft’s official blog post.
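For admins who want to confirm the delay is actually in effect, the following PowerShell audit is an added example, not code from the article or from Microsoft. It assumes the `InvalidAuthenticationDelayTimeInMs` setting of the SMB server configuration cmdlets, which the article does not name; the function name, the baseline value and the host list are hypothetical.

```powershell
# Added example: audit (and optionally enforce) the SMB failed-authentication delay.
function Test-SmbAuthDelay {
    param(
        [string[]]$ComputerName,      # hypothetical host list; omit to check the local machine
        [ValidateRange(100, 10000)]   # assumption: the setting accepts up to 10000 ms in steps of 100
        [int]$BaselineMs = 2000,      # the 2-second default described in the article
        [switch]$Enforce              # raise the delay to the baseline where it is lower
    )
    if ($BaselineMs % 100) { throw 'BaselineMs must be a multiple of 100.' }

    # Runs on each target so that the target's own SMB cmdlets are used.
    $check = {
        param($BaselineMs, $Enforce)
        $cfg  = Get-SmbServerConfiguration
        $prop = $cfg.PSObject.Properties['InvalidAuthenticationDelayTimeInMs']
        if (-not $prop) {
            # Builds that predate the feature do not expose the setting at all.
            $delay = $null
            $state = 'NotSupported'
        } else {
            $delay = [int]$prop.Value
            # A value of 0 means the delay is switched off.
            $state = if ($delay -eq 0) { 'Disabled' } elseif ($delay -lt $BaselineMs) { 'BelowBaseline' } else { 'OK' }
            if ($Enforce -and $state -ne 'OK') {
                Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs $BaselineMs -Force
                $delay = $BaselineMs
                $state = 'Remediated'
            }
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            DelayMs  = $delay
            State    = $state
        }
    }

    if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $check -ArgumentList $BaselineMs, $Enforce.IsPresent
    } else {
        & $check $BaselineMs $Enforce.IsPresent
    }
}

# Report only; add -Enforce to change the setting (requires an elevated session).
Test-SmbAuthDelay | Format-Table -AutoSize
```

A `NotSupported` result identifies machines on builds without the rate limiter, where failed SMB authentication attempts are not delayed at all.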