Microsoft Releases Policy to Further Prevent Brute Force Attack Attempts
Earlier this week, Microsoft announced additional protection against brute force attacks, one of the most common methods used to attack Windows machines. IT admins can now configure a group policy to automatically block brute force attacks targeting local administrator accounts on any Windows system still receiving security updates. Read the full announcement from Microsoft here.
“In an effort to prevent further brute force attacks/attempts, we are implementing account lockouts for Administrator accounts. Beginning with the October 11, 2022 or later Windows cumulative updates, a local policy will be available to enable local administrator account lockouts.” Previously, this feature was only available for Windows 11, as announced by Microsoft’s Vice President of Enterprise and OS Security, David Weston, in July.
In addition to this, Microsoft is now also enforcing password complexity for local administrators. Microsoft says “the password must have at least three of the four basic character types (lower case, upper case, numbers, and symbols).”