
Help Net Security - Daily information security news with a focus on enterprise security.
Zeljka Zorz, Editor-in-Chief, Help Net Security
July 21, 2022

Microsoft adds default protection against RDP brute-force attacks

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at Microsoft announced, just as the company confirmed that it will resume the rollout of the default blocking of VBA macros obtained from the internet.

Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.

Minimizing the RDP attack vector

The Windows Account Lockout Policy allows enterprise network admins to set a lockout threshold – a specific number of failed logon attempts – after which a user account will be locked.

Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, the attack involves submitting many passwords in a row until the right one is “guessed”.

From Windows 11 build 22528.1000 and onwards, the account lockout threshold is, according to Bleeping Computer, set to 10 failed login attempts in 10 minutes, which should make this type of attack harder to pull off.
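To check whether an existing machine already meets that default, the lockout settings printed by `net accounts` can be compared against it. The Python sketch below is an added example, not code from Microsoft or from the article; it assumes English-locale `net accounts` output, and the function names and sample outputs are constructed for illustration.

```python
import re

# Baseline from the article: 10 failed logons within 10 minutes.
BASELINE_THRESHOLD = 10
BASELINE_WINDOW_MIN = 10

# Constructed samples of English-locale `net accounts` output (not from a real host).
SAMPLE_DISABLED = """\
Minimum password length:                              0
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""
SAMPLE_BASELINE = SAMPLE_DISABLED.replace("Never", "10").replace("30", "10")
SAMPLE_LOOSE = SAMPLE_DISABLED.replace("Never", "50").replace("30", "5")

def parse_net_accounts(text):
    """Map each 'Label:   value' line to {label: value}; other lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?):\s+(\S.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit_lockout(text):
    """Return a list of findings; an empty list means the baseline is met."""
    s = parse_net_accounts(text)
    threshold = s.get("Lockout threshold")
    window = s.get("Lockout observation window (minutes)")
    if threshold is None or window is None:
        return ["lockout settings not found (non-English or truncated output?)"]
    # "Never" (or 0) means accounts are never locked, so guessing is unlimited.
    if not threshold.isdigit() or int(threshold) == 0:
        return ["lockout disabled: failed logons never lock the account"]
    findings = []
    if int(threshold) > BASELINE_THRESHOLD:
        findings.append(f"threshold {threshold} is looser than {BASELINE_THRESHOLD}")
    # A shorter window resets the failure counter sooner, allowing more guesses.
    if window.isdigit() and int(window) < BASELINE_WINDOW_MIN:
        findings.append(f"window {window} min is shorter than {BASELINE_WINDOW_MIN} min")
    return findings

if __name__ == "__main__":
    for name in ("SAMPLE_DISABLED", "SAMPLE_BASELINE", "SAMPLE_LOOSE"):
        print(name, audit_lockout(globals()[name]))
```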

The revelation has set off calls for the control to be backported to older Windows and Windows Server versions – a move that’s apparently in the works.

Yes it’s being backported

— David Weston (DWIZZZLE) (@dwizzzleMSFT) July 21, 2022

The default blocking of VBA macros rollout continues

In February 2022, Microsoft announced the default blocking of VBA macros obtained from the internet for five Office apps that run macros. The change was temporarily rolled back earlier this month, but it’s now back.

“We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share,” Kellie Eickmeyer, Principal Program Manager at Microsoft, announced on Wednesday.

“If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change,” she added.



