Home > Common Problem > Microsoft's latest Windows Server Build 25075 enhances security, making brute force attacks more challenging

Microsoft's latest Windows Server Build 25075 enhances security, making brute force attacks more challenging

WBOY
Release: 2023-04-21 09:13:09
forward
1187 people have browsed it
微软:最新的 Windows Server build 25075 让暴力破解变得超级具有挑战性

Microsoft has released a new Windows Server Long Term Servicing Channel (LTSC) preview. New version 25075 strengthens defense against brute force dictionary attacks. Microsoft has implemented this by implementing an authentication rate limiter with a default delay of 2 seconds between each failed New Technology LAN Manager (NTLM) or challenge/response authentication.

According to the company, this simple delay significantly increases the time required to execute such an attack. In its example, Microsoft says 300 attempts that are 5 minutes long now take more than a full day (25 hours):

From Windows Insider Build 25069.1000.220302-1408 and later versions of Windows Starting with Windows Server 11 and 2022, the SMB Server service now implements a default 2-second delay between each failed NTLM-based authentication. This means that if an attacker previously sent 300 brute force attempts per second from the client for 5 minutes, the same number of attempts will now take at least 25 hours.

However, Microsoft also warns that doing so may cause issues with some third-party apps, which is why it's an Insider-only feature for now. If an issue occurs, Microsoft has asked users to file a bug in case the problem goes away after turning off the feature. However, if the problem persists, there may be other causes. The company notes:

This setting can be controlled by the administrator and can also be disabled. Default times and behavior may change as we evaluate usage and get feedback from Insiders; some third-party apps may also have issues with this new feature - if you find that disabling the feature resolves your app issues, Please use the Feedback Center to submit bugs.

Here's how the new SMB NTLM authentication rate limiter works:

This feature is controlled by the PowerShell cmdlet:

Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n
Copy after login

The value starts with The unit is milliseconds and must be a multiple of 100, which can be 0-10000. Set to 0 to disable this feature.

To view the current values, run:

 Get-SmbServerConfiguration
Copy after login

Available Downloads:

  • Windows Server Long Term Servicing Channel Preview, ISO format, 18 languages, VHDX format, English only.
  • Microsoft Server Languages ​​and Optional Features Preview

Key valid only for preview builds:

  • Server Standard:MFY9F-XBN2F-TYFMP-CCV49-RMYVH
  • Data Center: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67

You can Find the official release notes here.

The above is the detailed content of Microsoft's latest Windows Server Build 25075 enhances security, making brute force attacks more challenging. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yundongfang.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template