Microsoft's latest Windows Server Build 25075 enhances security, making brute force attacks more challenging

Microsoft has released a new Windows Server Long Term Servicing Channel (LTSC) preview. New version 25075 strengthens defense against brute force dictionary attacks. Microsoft has implemented this by implementing an authentication rate limiter with a default delay of 2 seconds between each failed New Technology LAN Manager (NTLM) or challenge/response authentication.

According to the company, this simple delay significantly increases the time required to execute such an attack. In its example, Microsoft says 300 attempts that are 5 minutes long now take more than a full day (25 hours):

From Windows Insider Build 25069.1000.220302-1408 and later versions of Windows Starting with Windows Server 11 and 2022, the SMB Server service now implements a default 2-second delay between each failed NTLM-based authentication. This means that if an attacker previously sent 300 brute force attempts per second from the client for 5 minutes, the same number of attempts will now take at least 25 hours.

However, Microsoft also warns that doing so may cause issues with some third-party apps, which is why it's an Insider-only feature for now. If an issue occurs, Microsoft has asked users to file a bug in case the problem goes away after turning off the feature. However, if the problem persists, there may be other causes. The company notes:

This setting can be controlled by the administrator and can also be disabled. Default times and behavior may change as we evaluate usage and get feedback from Insiders; some third-party apps may also have issues with this new feature - if you find that disabling the feature resolves your app issues, Please use the Feedback Center to submit bugs.

Here's how the new SMB NTLM authentication rate limiter works:

This feature is controlled by the PowerShell cmdlet:

Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n

The value starts with The unit is milliseconds and must be a multiple of 100, which can be 0-10000. Set to 0 to disable this feature.

To view the current values, run:

 Get-SmbServerConfiguration

Available Downloads:

• Windows Server Long Term Servicing Channel Preview, ISO format, 18 languages, VHDX format, English only.
• Microsoft Server Languages ​​and Optional Features Preview

Key valid only for preview builds:

• Server Standard:MFY9F-XBN2F-TYFMP-CCV49-RMYVH
• Data Center: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67

You can Find the official release notes here.

The above is the detailed content of Microsoft's latest Windows Server Build 25075 enhances security, making brute force attacks more challenging. For more information, please follow other related articles on the PHP Chinese website!