Security News > 2022 > July > Microsoft adds default protection against RDP brute-force attacks
"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollout of the default blocking of VBA macros obtained from the internet.
Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.
The Windows Account Lockout Policy allows enterprise network admins to set a lockout threshold - a specific number of failed logon attempts - after which a user account will be locked.
The default blocking of VBA macros rollout continues.
In February 2022, Microsoft announced the default blocking of VBA macros obtained from the internet for five Office apps that run macros.
"If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change," she added.
News URL
https://www.helpnetsecurity.com/2022/07/21/microsoft-protection-rdp-brute-force-attacks/
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)