Minimizing the RDP attack vector with Microsoft Account Lockout Policy
Microsoft announced that in the latest Windows 11 builds the Account Lockout Policy was enabled by default, which doubles as a fail-safe against Remote Desktop Protocol (RDP) brute-forcing attempts.
Apparently, this change will soon be backported to older Windows versions, especially the Server editions.
RDP is a Microsoft protocol that enables administrators to access desktop computers remotely. It has become a popular remote access tool with the shift to remote working. Because it gives the user complete control over the device, it is a valuable entry point for threat actors, especially ransomware operators.
Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, the attack involves submitting many passwords in a row until the right one is “guessed”.
The policy automatically locks a user account for 10 minutes after 10 failed login attempts in a row. It also applies to Administrator accounts.
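To check whether an existing machine already has the settings described above, the local policy can be exported and compared. The PowerShell audit below is an added example, not code from Microsoft or the original article; it assumes an elevated prompt and reads the key names as they appear in a `secedit /export` template.

```powershell
# Added example: compare the local account lockout policy with the values in the article.
# Assumes an elevated PowerShell prompt on Windows (secedit.exe ships with the OS).
$expected = @{ LockoutBadCount = 10; LockoutDuration = 10 }  # attempts, minutes (from the article)

$cfg = Join-Path $env:TEMP ("lockout-audit-{0}.inf" -f [guid]::NewGuid())
try {
    secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

    # The export is an INF file; collect its simple "Key = Value" lines.
    $policy = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $policy[$Matches[1]] = $Matches[2] }
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

$findings = @()

# A threshold of 0 means accounts are never locked out.
$threshold = [int]$policy['LockoutBadCount']
if ($threshold -eq 0) {
    $findings += 'Lockout is disabled (LockoutBadCount = 0): password guessing is not throttled.'
}
elseif ($threshold -gt $expected.LockoutBadCount) {
    $findings += "Threshold is $threshold attempts; the article describes $($expected.LockoutBadCount)."
}

# The duration only matters when lockout is enabled; -1 means "until an admin unlocks".
if ($threshold -ne 0 -and $policy.ContainsKey('LockoutDuration')) {
    $duration = [int]$policy['LockoutDuration']
    if ($duration -ge 0 -and $duration -lt $expected.LockoutDuration) {
        $findings += "Lockout lasts $duration min; the article describes $($expected.LockoutDuration)."
    }
}

# Older builds do not export this key, so a missing key is reported as well.
if ($policy['AllowAdministratorLockout'] -ne '1') {
    $findings += 'Administrator lockout is not enabled (AllowAdministratorLockout is absent or not 1).'
}

if ($findings.Count -eq 0) { 'Lockout policy matches or exceeds the described defaults.' }
else { $findings }
```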
Find out more: Help Net Security