
Microsoft has announced the release of a new Windows Server Insider Preview Build 25075. The latest build is for the next Long-Term Servicing Channel (LTSC) release for the OS, which should be Windows Server version 2022.
This new Windows Server build brings new security capabilities that should help organizations to prevent brute-force dictionary attacks. Microsoft has introduced a new SMB NTLM authentication limiting feature, which adds a 2-second delay between each failed New Technology LAN Manager (NTLM) or PKU2U-based authentication request.
“Starting in Windows Insider build 25069.1000.220302-1408 and later on Windows 11 and Windows Server 2022, the SMB Server service now implements a default 2-second delay between each failed NTLM-based authentication. This means that if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes, the same number of attempts would now take 25 hours at a minimum,” the Windows Server Insider team explained.
For those unfamiliar, Server Message Block (SMB) is a popular file server protocol. It lets users communicate with remote PCs and servers to access their resources, such as files and directories, or perform tasks like sharing, opening, and editing documents.
The SMB server service is usually enabled on non-file server machines so that users can access remote files and copy logs. However, threat actors could abuse the SMB authentication mechanism to launch brute-force dictionary attacks on vulnerable machines. The new SMB NTLM authentication limiting feature allows IT admins to slow down brute-force attacks targeted at SMB endpoints.
The Windows Server Insider team has recently released a 3-minute video demonstration of the SMB NTLM Authentication Rate Limiter feature.
Keep in mind that this new SMB NTLM Authentication Rate Limiter is still an experimental feature, and it may trigger issues with select third-party applications. The company also encourages Windows Server users to provide their feedback on the Feedback Hub.
Microsoft is also planning to bring this feature to Windows 11 Insider Dev Channel and Windows Server Azure Edition Insider builds in the coming weeks. If you’re interested, you can learn more about the new SMB NTLM authentication rate limiter on Microsoft’s official blog post.
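For admins who want to confirm the delay is active on a given machine, the following added example (not from Microsoft or the original article) audits the SMB server configuration. It assumes the `InvalidAuthenticationDelayTimeInMs` setting of the built-in `Get-SmbServerConfiguration` / `Set-SmbServerConfiguration` cmdlets, which the article does not name; `Test-SmbAuthRateLimiter` is a hypothetical helper name.

```powershell
# Added example: report whether the SMB failed-authentication delay is
# available and at least as long as the 2-second default described above.
function Test-SmbAuthRateLimiter {
    param(
        # Minimum acceptable delay in milliseconds (2000 = the 2-second default)
        [int]$MinimumDelayMs = 2000
    )

    $cfg  = Get-SmbServerConfiguration
    # Assumption: the setting is exposed under this property name.
    $prop = $cfg.PSObject.Properties['InvalidAuthenticationDelayTimeInMs']

    if (-not $prop) {
        # Builds without the feature do not expose the property at all.
        return [pscustomobject]@{
            Supported = $false
            DelayMs   = $null
            Compliant = $false
        }
    }

    $delay = [int]$prop.Value
    [pscustomobject]@{
        Supported = $true
        DelayMs   = $delay
        Compliant = ($delay -ge $MinimumDelayMs)
    }
}

$result = Test-SmbAuthRateLimiter
$result | Format-List

if ($result.Supported -and -not $result.Compliant) {
    Write-Warning "SMB failed-auth delay is $($result.DelayMs) ms (0 means disabled)."
    # To restore the 2-second delay, run from an elevated session:
    # Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000 -Force
}
```

Because the article notes the feature may cause issues with some third-party applications, check the reported value after such software is installed or reconfigured in case the delay was lowered or disabled.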