Security News > 2022 > July > Microsoft adds default protection against RDP brute-force attacks
"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollout of the default blocking of VBA macros obtained from the internet.
Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.
The Windows Account Lockout Policy allows enterprise network admins to set a lockout threshold - a specific number of failed logon attempts - after which a user account will be locked.
The default blocking of VBA macros rollout continues.
In February 2022, Microsoft announced the default blocking of VBA macros obtained from the internet for five Office apps that run macros.
"If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change," she added.
News URL
https://www.helpnetsecurity.com/2022/07/21/microsoft-protection-rdp-brute-force-attacks/
Related news
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)