Microsoft has updated the SMB server in Windows 11 to make it better at defending against brute force attacks.
The change is enabled by default in Insider Preview Build 25206, which was recently pushed to the Dev Channel.
A number of related settings have also been tweaked to make these attacks less effective.
In a blog post announcing the news, Microsoft explained that the SMB server service now defaults to a two-second delay between each failed inbound NTLM authentication.
"This means that if an attacker received 300 brute force attempts per second from a client for 5 minutes (90,000 passwords) then the same number of attempts would now take 50 hours at a minimum."
In other words, with the feature turned on, a delay is imposed after every unsuccessful NTLM authentication attempt, which drastically slows down password guessing against the SMB server.
"The goal here is to make a Windows client an unattractive challenge, whether in a workgroup, or for its local accounts when connected to a domain," Microsoft's Amanda Langowski and Brandon LeBlanc chimed in.
The authentication rate limiter, initially disabled by default, was first introduced to Windows Server, Windows Server Azure Edition, and Windows 11 Insider builds six months ago. The SMB server service, on the other hand, does start automatically on all versions. However, it is only exposed to the internet if someone manually opens the firewall for it.
Those who want to try the new feature can adjust the delay with the following PowerShell command, where n is the delay in milliseconds:
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n
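As an added example (not code from the article or from Microsoft), the following PowerShell audit checks the two things the article ties together: the current NTLM failure delay and whether the firewall exposes SMB at all. The delay property name comes from the article; the firewall cmdlets are standard Windows ones, and the 90,000-guess figure is Microsoft's own.

```powershell
# Added example: audit the SMB NTLM authentication delay and TCP 445 firewall exposure.
# Run in an elevated PowerShell session. On builds older than Insider 25206 the
# InvalidAuthenticationDelayTimeInMs property does not exist and reads as $null.
$cfg = Get-SmbServerConfiguration
$delayMs = $cfg.InvalidAuthenticationDelayTimeInMs

if ($null -eq $delayMs) {
    Write-Output "This build does not expose InvalidAuthenticationDelayTimeInMs; rate limiter unavailable."
} elseif ($delayMs -eq 0) {
    Write-Warning "SMB authentication rate limiter is disabled (delay = 0 ms)."
} else {
    # Minimum wall-clock time for a serial guessing run under this delay; the same
    # arithmetic Microsoft used for its 90,000-password / 50-hour figure.
    $guesses = 90000
    $hours = [math]::Round(($guesses * $delayMs) / 1000 / 3600, 1)
    Write-Output ("Rate limiter on: {0} ms per failed NTLM attempt; {1} guesses need at least {2} h." -f $delayMs, $guesses, $hours)
}

# SMB listens on TCP 445. List every enabled inbound allow rule that opens it and the profiles it applies to.
$open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow -ErrorAction SilentlyContinue |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' }

if ($open) {
    foreach ($rule in $open) {
        Write-Output ("Inbound TCP 445 allowed by rule '{0}' (profiles: {1})" -f $rule.DisplayName, $rule.Profile)
    }
} else {
    Write-Output "No enabled inbound firewall rule allows TCP 445."
}

# Remediation: restore the 2000 ms default if the delay was lowered. Uncomment to apply.
# if ($delayMs -lt 2000) { Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000 -Force }
```

A rule that allows 445 on the Public profile is the exposure the article warns about; the delay only buys time once that door is open.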
"This behavior change has no impact on Kerberos, which authenticates before an application protocol like SMB connects. It is intended to be a further layer of defense in depth, especially for devices that are not connected to domains, such as home users," Pyle said.