When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft: Latest Windows Server build 25075 makes brute-force hacks super challenging

Neowin · with 5 comments

Windows Server logo with 2022 and Long Term Servicing Channel written against the Windows wallpaper

Microsoft has released a new Windows Server Long-Term Servicing Channel (LTSC) Preview build. The new build 25075 strengthens the defenses against brute-force dictionary attacks. Microsoft has accomplished this by implementing an Authentication rate limiter where a default 2-second delay between each failed New Technology LAN Manager (NTLM) or Challenge/Response authentication.

According to the company, this simple delay increases the time required for executing such attacks by insanely big proportions. In its example, Microsoft says that a 5 minute long 300 attempts would now require more than a full day (25 hours):

Starting in Windows Insider build 25069.1000.220302-1408 and later on Windows 11 and Windows Server 2022, the SMB Server service now implements a default 2-second delay between each failed NTLM-based authentication. This means that if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes, the same number of attempts would now take 25 hours at a minimum.

However, Microsoft has also warned that doing so can cause issues with certain third-party applications, which is why right now, it is only an Insider feature. If issues come around, Microsoft has requested users to file for bugs in case the problem goes away when the feature is turned off. If, however, the issue persists, there is probably something else at play. The company notes that:

This setting is controllable by an administrator and can also be disabled. It's possible the default time and behaviors may change after we evaluate usage in Insiders and take feedback; it's also possible some third-party applications may have problems with this new feature - please use Feedback Hub to file bugs if you find that disabling the feature resolves your application's issue.

Here's how the new SMB NTLM Authentication Rate Limiter works:

This feature is controlled with PowerShell cmdlet:

      Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n

The value is in milliseconds, must be a multiple of 100 and can be 0-10000. Setting to 0 disables the feature.

To see the current value, run:

     Get-SmbServerConfiguration

Available Downloads:

  • Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only.
  • Microsoft Server Languages and Optional Features Preview

Keys are valid for preview builds only:

  • Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
  • Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67

You can find the official release notes here.

Report a problem with article
The new Ubuntu logo
Next Article

Canonical updates the Ubuntu logo in time for 22.04 LTS

Windows 365 logo and UI with Android and Linux penguin logos on both sides
Previous Article

You will soon be able to virtualize Linux and Android on Windows 365

Join the conversation!

Login or Sign Up to read and post a comment.

5 Comments - Add comment