What’s more, a couple of other settings have been tweaked to make these attacks “less effective”.
"With the release of Windows 11 Insider Preview Build 25206 Dev Channel today, the SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication," Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group, said in a blog post announcing the news.
"This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take 50 hours at a minimum."
In other words, by toggling the feature on, there is a delay between each unsuccessful NTLM authentication attempt, making the SMB server service more resilient to brute-force attacks.
"The goal here is to make a Windows client an unattractive target either when in a workgroup or for its local accounts when joined to a domain," Microsoft's Amanda Langowski and Brandon LeBlanc chimed in.
The authentication rate limiter, which is not enabled by default, was first introduced to Windows Server, Windows Server Azure Edition, and Windows 11 Insider builds, some six months ago. The SMB server, on the other hand, does launch automatically on all versions. It needs to be exposed to the internet, though, by manually opening a firewall.
Those interested in trying out the new feature need to run this PowerShell command:
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n
"This behavior change has no effect on Kerberos, which authenticates before an application protocol like SMB connects. It is designed to be another layer of defense in depth, especially for devices not joined to domains such as home users," Pyle also said
- These are the best endpoint protection services right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.