Security News > 2022 > July > Microsoft adds default protection against RDP brute-force attacks
"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollout of the default blocking of VBA macros obtained from the internet.
Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.
The Windows Account Lockout Policy allows enterprise network admins to set a lockout threshold - a specific number of failed logon attempts - after which a user account will be locked.
The default blocking of VBA macros rollout continues.
In February 2022, Microsoft announced the default blocking of VBA macros obtained from the internet for five Office apps that run macros.
"If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change," she added.
News URL
https://www.helpnetsecurity.com/2022/07/21/microsoft-protection-rdp-brute-force-attacks/
Related news
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)