Microsoft Windows 11 OS builds now ship with a default account lockout policy to mitigate RDP and other brute-force attacks that take over user accounts by compromising their passwords.
Brute-forcing RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.
The Windows Account Lockout Policy allows enterprise network admins to set a lockout threshold: a specific number of failed logon attempts after which a user account will be locked.
From Windows 11 build 22528.1000 onwards, the account lockout threshold is set by default to 10 failed login attempts within 10 minutes, which should make this type of attack harder to pull off.
The revelation has prompted calls for the control to be backported to older Windows and Windows Server versions, and such a backport is apparently in the works.
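The following PowerShell script is an added example and is not part of the original article or of any Microsoft tooling. It audits a machine's effective local Account Lockout Policy against the default described above (10 failed attempts within a 10-minute window), optionally applies that baseline with `net accounts`, and then lists recent lockout events (Security event ID 4740) and failed logons (event ID 4625) grouped by source address so a defender can see whether a brute-force attempt is under way. The `-Apply` switch, the function names, and the one-day look-back window are assumptions of this example; the lockout duration is deliberately left untouched because the article does not state a default for it.

```powershell
# Added example (not from the article): audit and optionally enforce the
# Windows 11 default lockout baseline, then surface lockout activity.
# Run in an elevated PowerShell session on the host being checked.

param(
    [switch]$Apply,                 # assumption: apply the baseline if the host is non-compliant
    [int]$LookbackDays = 1          # assumption: how far back to search the Security log
)

$BaselineThreshold = 10             # failed attempts, per the article
$BaselineWindowMin = 10             # observation window in minutes, per the article

# --- 1. Parse the effective local policy from "net accounts" -----------------
function Get-LocalLockoutPolicy {
    $policy = @{ Threshold = $null; DurationMinutes = $null; WindowMinutes = $null }
    foreach ($line in (net accounts 2>&1)) {
        if     ($line -match '^Lockout threshold:\s+(.+)$')                      { $policy.Threshold       = $Matches[1].Trim() }
        elseif ($line -match '^Lockout duration \(minutes\):\s+(.+)$')           { $policy.DurationMinutes = $Matches[1].Trim() }
        elseif ($line -match '^Lockout observation window \(minutes\):\s+(.+)$') { $policy.WindowMinutes   = $Matches[1].Trim() }
    }
    [pscustomobject]$policy
}

# --- 2. Compare against the baseline -----------------------------------------
function Test-LockoutBaseline {
    param([pscustomobject]$Policy)
    # "Never" means lockout is disabled entirely, which is the weakest state.
    $thresholdOk = ($Policy.Threshold -ne 'Never') -and
                   ([int]$Policy.Threshold -ge 1) -and
                   ([int]$Policy.Threshold -le $BaselineThreshold)
    # Window must be a number of minutes at least as long as the baseline window.
    $windowOk = ($Policy.WindowMinutes -match '^\d+$') -and
                ([int]$Policy.WindowMinutes -ge $BaselineWindowMin)
    [pscustomobject]@{ ThresholdOk = $thresholdOk; WindowOk = $windowOk; Compliant = ($thresholdOk -and $windowOk) }
}

$current = Get-LocalLockoutPolicy
$result  = Test-LockoutBaseline -Policy $current
Write-Host "Effective policy: threshold=$($current.Threshold) window=$($current.WindowMinutes) duration=$($current.DurationMinutes)"
Write-Host "Compliant with 10-in-10 baseline: $($result.Compliant)"

# --- 3. Optionally enforce the baseline with the built-in "net accounts" tool --
if ($Apply -and -not $result.Compliant) {
    # /lockoutthreshold and /lockoutwindow are documented net accounts switches.
    net accounts /lockoutthreshold:$BaselineThreshold /lockoutwindow:$BaselineWindowMin | Out-Null
    Write-Host "Baseline applied; re-reading policy:"
    Get-LocalLockoutPolicy | Format-List
}

# --- 4. Defender view: recent lockouts and failed logons by source -----------
$since = (Get-Date).AddDays(-$LookbackDays)

# Event 4740 = "A user account was locked out". Properties[0] is the locked
# account, Properties[1] is the caller computer name that triggered the lockout.
$lockouts = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } -ErrorAction SilentlyContinue
foreach ($e in $lockouts) {
    [pscustomobject]@{
        Time           = $e.TimeCreated
        LockedAccount  = $e.Properties[0].Value
        CallerComputer = $e.Properties[1].Value
    }
} | Format-Table -AutoSize

# Event 4625 = "An account failed to log on". Properties[19] is the source
# IP address; many failures from one source in a short window is the
# brute-force pattern the lockout policy is meant to blunt.
$failures = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
$failures |
    Group-Object { $_.Properties[19].Value } |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceIP'; e = { $_.Name } }, Count |
    Format-Table -AutoSize
```

Run it without arguments to get a read-only report; add `-Apply` to set the threshold and window to the article's defaults on a host that is below them. Because the 4625 and 4740 events are only written when logon auditing is enabled, an empty failure table on a host that you know is being hammered is itself a finding: check that "Audit Logon" and "Audit Account Lockout" are turned on.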