Security News > 2022 > September > Windows 11 gets better protection against SMB brute-force attacks
Microsoft announced that the Windows 11 SMB server is now better protected against brute-force attacks with the release of the Insider Preview Build 25206 to the Dev Channel.
Redmond has enabled the SMB authentication rate limiter by default and tweaking some of its settings to make such attacks less effective, starting with the latest Windows 11 Insider dev build.
"With the release of Windows 11 Insider Preview Build 25206 Dev Channel today, the SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication," explained Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group.
Although the SMB server will be launched automatically on all Windows versions, it will only be exposed to the Internet if the firewall is opened manually or a customer SMB share is created to open it.
The SMB authentication rate limiter was first introduced in March in Windows Server, Windows Server Azure Edition, and Windows 11 Insider builds, although not enabled by default.
Today's announcement comes after Microsoft revealed several other SMB security enhancements in recent years, including toggling the 30-year-old SMBv1 file-sharing protocol by default and SMB over QUIC reaching general availability in Windows 11 and Windows Server 2022.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)