Microsoft: Latest Windows Server Build 25075 Makes Brute Force Hacks Super Difficult
Microsoft has released a new Windows Server Long-Term Servicing Channel (LTSC) preview build. New build 25075 strengthens defenses against brute force dictionary attacks. Microsoft has accomplished this by implementing an authentication rate limiter that imposes a default delay of 2 seconds after each New Technology LAN Manager (NTLM) or Challenge/Response authentication failure.
According to the company, this simple delay dramatically increases the time such attacks take. In its example, Microsoft indicates that 300 attempts per second sustained for 5 minutes would now require more than a full day (25 hours):
Starting with Windows Insider build 25069.1000.220302-1408 and later on Windows 11 and Windows Server 2022, the SMB Server service now implements a default delay of 2 seconds between each NTLM-based authentication failure. This means that if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes, the same number of attempts would now take a minimum of 25 hours.
However, Microsoft has also warned that this could cause issues with some third-party apps, so the feature is available only to Insiders at this time. If an app misbehaves, Microsoft asks users to file a bug when the problem goes away once the feature is disabled; if the problem persists with the feature disabled, something else is likely at play. The company notes that:
This setting is controllable by an administrator and can also be disabled. The default time and behaviors may change after we evaluate Insiders usage and gather feedback; it’s also possible that some third-party apps may experience issues with this new feature – please use Feedback Hub to report bugs if you find that disabling the feature resolves your app’s issue.
Here’s how the new SMB NTLM authentication rate limiter works:
This functionality is controlled with the PowerShell cmdlet:
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n
The value is in milliseconds, must be a multiple of 100, and can be between 0 and 10,000. Setting it to 0 disables the function.
To see the current value, run:
Get-SmbServerConfiguration
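The following is an added example, not code from the article or from Microsoft, showing how an administrator might wrap the two cmdlets above into one repeatable change: it validates the delay against the constraints the article states (0 to 10,000 ms, a multiple of 100, 0 disables), applies it, and reads the value back so the change can be recorded. It assumes the -InvalidAuthenticationDelayTimeInMs parameter named in the article exists on the build in use, that Get-SmbServerConfiguration exposes the same value as a property of that name, and that the session is elevated; the function name Set-SmbInvalidAuthDelay is this example's own.

```powershell
# Added example (not from the article or Microsoft). Assumes an Insider build
# where Set-SmbServerConfiguration accepts -InvalidAuthenticationDelayTimeInMs
# and Get-SmbServerConfiguration reports it as a property of the same name.
function Set-SmbInvalidAuthDelay {
    [CmdletBinding()]
    param(
        # Delay applied after each failed NTLM authentication, in milliseconds.
        [Parameter(Mandatory)]
        [int]$DelayMs
    )

    # Constraints quoted in the article: 0..10000 ms, multiple of 100, 0 disables.
    if ($DelayMs -lt 0 -or $DelayMs -gt 10000) {
        throw "DelayMs must be between 0 and 10000 (got $DelayMs)."
    }
    if (($DelayMs % 100) -ne 0) {
        throw "DelayMs must be a multiple of 100 (got $DelayMs)."
    }

    # Capture the current value so the change is auditable and reversible.
    $before = (Get-SmbServerConfiguration).InvalidAuthenticationDelayTimeInMs

    # -Force suppresses the confirmation prompt for an unattended run.
    Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs $DelayMs -Force

    # Read the value back rather than trusting that the Set succeeded.
    $after = (Get-SmbServerConfiguration).InvalidAuthenticationDelayTimeInMs
    if ($after -ne $DelayMs) {
        throw "Delay reads back as $after ms, expected $DelayMs ms."
    }

    [pscustomobject]@{
        BeforeMs = $before
        AfterMs  = $after
        State    = if ($after -eq 0) { 'disabled' } else { 'enabled' }
    }
}

# Usage: restore the default 2-second delay and show before/after values.
Set-SmbInvalidAuthDelay -DelayMs 2000

# Usage: temporarily disable the delay while checking whether a third-party
# app's failure is caused by it, then re-enable with the call above.
# Set-SmbInvalidAuthDelay -DelayMs 0
```

Running the function with 0 and then with 2000 is the quickest way to perform the troubleshooting step the article describes: if the app works only while the delay is disabled, that is the case Microsoft asks to have reported through Feedback Hub.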
Downloads available:
- Windows Server Long-Term Servicing Channel Overview in ISO format in 18 languages, and in VHDX format in English only.
- Overview of Microsoft Server languages and optional features
Keys are only valid for preview builds:
- Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
- Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
You can find the official release notes here.