This would now increase the gap between every failed NTLM authentication, making the attack slow and unattractive to the hacker. System admins need to execute a PowerShell command to enable this protection.

Protecting Windows 11 SMB

The Server Message Block (SMB) service of Windows is one of the components most frequently targeted by attackers, since it gives them deep access to the target machine. To limit this, Microsoft has an authentication rate limiter that restricts how often an authentication attempt can be made against the system per second. This protection is now enabled by default on Windows 11 SMB servers, Azure machines, and beta builds, starting with Insider Preview Build 25206 in the Dev Channel.

The limiter now defaults to a 2-second delay between each failed inbound NTLM authentication, widening the gap between rapid successive attempts, i.e., brute-force guessing. With this in place, a brute-force attack at 300 attempts per second (90,000 attempts in 5 minutes) will now take at least 50 hours for the same number of attempts. With authentication slowed this drastically, the SMB server will hopefully become a less attractive target. Note that system admins initially need to toggle this on by executing the following PowerShell command (where n is the delay between each failed NTLM auth attempt); Talking about this, Ned Pyle, Principal Program Manager of the Microsoft Windows Server engineering group, said;
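As an added example (not the article's or Microsoft's own command), the following PowerShell function reads the SMB server's current failed-authentication delay, applies the 2-second value the article describes, and verifies the result. It assumes the `InvalidAuthenticationDelayTimeInMs` parameter of `Set-SmbServerConfiguration`, which the article does not name, and an elevated session on a build that exposes it.

```powershell
# Added example: configure and verify the SMB server's delay between failed
# inbound NTLM authentications. Assumes a build exposing the
# InvalidAuthenticationDelayTimeInMs setting (not shown in the article) and
# an elevated PowerShell session.

function Set-SmbInvalidAuthDelay {
    param(
        # Delay in milliseconds applied after each failed NTLM authentication.
        # 2000 matches the default described in the article; 0 disables the limiter.
        [ValidateRange(0, 3600000)]
        [int]$DelayMs = 2000
    )

    $config = Get-SmbServerConfiguration
    if (-not ($config.PSObject.Properties.Name -contains 'InvalidAuthenticationDelayTimeInMs')) {
        throw "This build's SMB server does not expose InvalidAuthenticationDelayTimeInMs; update Windows first."
    }

    $current = $config.InvalidAuthenticationDelayTimeInMs
    Write-Host "Current failed-auth delay: $current ms"

    if ($current -ne $DelayMs) {
        # -Force suppresses the confirmation prompt so this can run unattended.
        Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs $DelayMs -Force
    }

    # Re-read rather than trusting the call succeeded.
    $applied = (Get-SmbServerConfiguration).InvalidAuthenticationDelayTimeInMs
    if ($applied -ne $DelayMs) {
        throw "Failed to apply delay: expected $DelayMs ms, found $applied ms"
    }

    # Illustrate the effect with the article's figures: 300 attempts/s for
    # 5 minutes (90,000 attempts), each failure now stretched by the delay.
    $attempts = 300 * 300
    $hours = [math]::Round(($attempts * $applied / 1000) / 3600, 1)
    Write-Host "Applied delay: $applied ms; 90,000 failed attempts now need at least $hours hours"
    return $applied
}

Set-SmbInvalidAuthDelay -DelayMs 2000
```

Run it once more with `-DelayMs 0` only if you deliberately want to disable the limiter; the verification step will then confirm the value was written.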

Windows 11 SMB Gets an Authentication Rate Limiter by Default - 57