Windows 11 has received an update aimed at improving the Microsoft SMB server's protection against brute force attacks.
In the latest Windows 11 2022 Update Insider Preview build 25206, recently released on the Dev Channel, the SMB authentication rate limiter is enabled by default.
Moreover, several other parameters have been changed to make these attacks “less effective”.
An unattractive target
“Following the release of Windows 11 Insider Preview Build 25206 to the Dev Channel, the SMB Server service now defaults to a 2-second interval between each failed incoming NTLM authentication,” said Ned Pyle, principal program manager in the Microsoft Windows Server Engineering Group, in a blog post announcing the news.
“This means that if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts will take at least 50 hours.”
In other words, when this feature is enabled, a delay is imposed after each failed NTLM authentication attempt, which makes the SMB server service more resilient to brute force attacks.
“The goal is to make the Windows client an unattractive target for both the workgroup and its local accounts when it’s joined to a domain,” added Amanda Langowski and Brandon LeBlanc of Microsoft.
The authentication rate limiter, which was not enabled by default at the time, was first introduced in Windows Server, Windows Server Azure Edition, and Windows 11 Insider builds about six months ago. The SMB server service itself starts automatically on all versions; however, it is only exposed to the Internet if the firewall is manually opened to allow it.
Those interested in trying out the new feature, or in tuning the delay, can run the following PowerShell command, where n is the delay in milliseconds:
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n
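The following PowerShell script is an added example, not part of the article or of Microsoft's blog post: it audits the local host's failed-NTLM delay with Get-SmbServerConfiguration, works out how long the article's 90,000-guess scenario would take at that setting, and optionally raises the value. It assumes a build that exposes the InvalidAuthenticationDelayTimeInMs setting and an elevated session; the 2000 ms baseline is the article's stated default.

```powershell
# Added example (not from the article or Microsoft): audit and optionally raise the
# SMB server's delay between failed incoming NTLM authentications on the local host.
# Assumes a build exposing InvalidAuthenticationDelayTimeInMs and an administrator session.
param(
    [int]$MinimumDelayMs = 2000,   # the article's default: 2 seconds per failed attempt
    [switch]$Remediate             # when set, raise the delay if it is below the minimum
)

$cfg     = Get-SmbServerConfiguration
$current = $cfg.InvalidAuthenticationDelayTimeInMs

if ($null -eq $current) {
    Write-Warning "This build does not expose InvalidAuthenticationDelayTimeInMs; the rate limiter is unavailable."
    return
}

# Reproduce the article's scenario: 300 attempts/s for 5 minutes = 90,000 guesses.
# With the 2-second default this comes to 180,000 s, i.e. the quoted 50 hours.
$guesses        = 300 * 5 * 60
$hoursWithDelay = ($guesses * $current / 1000) / 3600

"Current failed-NTLM delay : {0} ms" -f $current
"90,000 guesses would take : at least {0:N1} hours (about 5 minutes with no delay)" -f $hoursWithDelay

if ($current -lt $MinimumDelayMs) {
    Write-Warning ("Delay {0} ms is below the expected minimum of {1} ms" -f $current, $MinimumDelayMs)
    if ($Remediate) {
        # -Force suppresses the confirmation prompt; this call needs administrator rights.
        Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs $MinimumDelayMs -Force
        $after = (Get-SmbServerConfiguration).InvalidAuthenticationDelayTimeInMs
        "InvalidAuthenticationDelayTimeInMs is now {0} ms" -f $after
    }
} else {
    "OK: delay meets or exceeds {0} ms" -f $MinimumDelayMs
}
```

Run it without switches to report only; pass -Remediate from an elevated prompt to apply the minimum. As the article notes, the setting only affects NTLM, so Kerberos-authenticated SMB sessions are unchanged.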
“This change in behavior does not affect Kerberos, which authenticates before connecting an application protocol such as SMB. It is designed to be another layer of defense in depth, especially for non-domain-joined devices such as home users,” Pyle said.