Microsoft deploys a new tool to protect its OS from ransomware

By locking Windows user accounts by default after repeated access attempts over Remote Desktop, Microsoft could put a stop to the vast majority of ransomware attacks in the world.

Microsoft has decided to beef up its anti-malware tools a bit. In this case, the Redmond giant wants to limit the impact of two types of attacks: those that use compromised credentials and those that rely on brute force to find a password.

Both methods have in common that they use the Remote Desktop Protocol (RDP), a protocol that is unfortunately often exposed online without any access control. So much so that this method is still among the most popular with hackers. In 2020, the FBI indicated that this network approach still accounted for 70 to 80% of the attacks carried out. More than a success, market domination! Some groups have even specialized in compromising RDP endpoints in order to sell access to other groups.

This new feature is now available for Windows 11 (client and server) in the Insider Program. Interestingly, Microsoft is also going to port it to Windows 10, so both of its operating systems are protected, which is a good thing because companies don't always switch quickly to the latest version of an OS.

"Windows 11 builds now have a default account lockout policy to reduce RDP or brute force attack vectors," explains David Weston, vice president in charge of operating system security at Microsoft, in a tweet. This concerns all types of accounts, even (and especially) those with administrator rights.

David Weston insists on the word "default" because this function already exists in Windows 10 as an option that can be activated.

The account lockout lasts ten minutes, and it is now only possible to make ten attempts before having to wait another ten minutes. This more restrictive approach should also have effects on other types of brute force attacks, such as those used to circumvent multi-factor authentication (MFA).
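The throttling effect of this policy, shown as an added example that is not from the original article or from Microsoft: a small Python model replays constructed failed-logon timestamps for one account against a ten-attempt, ten-minute lockout. The counter-reset window (`reset_s`) is an assumption, since the article does not state it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int = 10   # failed attempts allowed before lockout (per the article)
    lockout_s: int = 600  # lockout lasts ten minutes (per the article)
    reset_s: int = 600    # assumption: counter clears after ten minutes without a failure


def replay(policy, failure_times):
    """Replay failed-logon timestamps (seconds, ascending) for one account.

    Returns (evaluated, rejected, lock_starts): attempts whose password was
    actually checked, attempts refused while locked, and lockout start times.
    """
    count, last_fail, locked_until = 0, None, 0
    evaluated, rejected, lock_starts = 0, 0, []
    for t in failure_times:
        if t < locked_until:
            rejected += 1  # account locked: the guess is never tested
            continue
        if last_fail is not None and t - last_fail >= policy.reset_s:
            count = 0      # quiet period elapsed, counter starts over
        evaluated += 1
        count += 1
        last_fail = t
        if count >= policy.threshold:
            locked_until = t + policy.lockout_s
            lock_starts.append(t)
            count = 0
    return evaluated, rejected, lock_starts


if __name__ == "__main__":
    policy = LockoutPolicy()
    # Constructed sample: one failed RDP logon per second for 24 hours.
    evaluated, rejected, locks = replay(policy, range(86_400))
    print(f"tested: {evaluated}, refused while locked: {rejected}, lockouts: {len(locks)}")
    # Constructed sample: a user mistypes three times, then once more 15 minutes later.
    print(replay(policy, [0, 5, 10, 910]))
```

Under these assumptions, a stream of one failed logon per second has only a small fraction of its guesses actually tested, while a user who mistypes a few times is never locked out.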

This new default setting, coupled with macro blocking in Office, which should resume soon after a break, shows that Microsoft clearly intends to secure operating systems in professional and personal environments. The objective is to complicate the attackers' task in order to reduce their number. The economic equation of an attack is very important: if an attack becomes harder, it is less profitable or requires rarer skills.

Source: ZDNet US
