Mon | Jul 25, 2022 | 3:41 PM PDT

Microsoft has revealed plans for a new security default in Windows 11 that will help defend against credential stuffing and brute force attacks targeting Remote Desktop Protocol (RDP) endpoints.

The security feature will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts.

This new default feature is part of Microsoft's plan to raise the security baseline to meet the constantly changing threat landscape.

This is bad news for ransomware operators. RDP remains one of the top methods of initial access in ransomware deployments, and many criminal groups specialize in compromising RDP endpoints and selling that access to other gangs, according to a report from ZDNet.

David Weston, Vice President of OS Security and Enterprise at Microsoft, shared this tweet last week:

In response, Kevin Beaumont, a popular security researcher in the U.K. who has over 140,000 followers on Twitter, thanked David and said he now owes him a beer:

Researchers say this update is "big news" and parallels Microsoft's default block on macros in Office documents downloaded from the internet. For years, those macros have been one of the primary initial-access vectors for ransomware operators, who deliver them through email attachments and links.

Microsoft has not officially announced how it will roll out the new security default to Windows 10 and Windows 11 generally, but it may arrive in an upcoming security update.

Weston said the feature is initially available in Windows 11 Insider preview build 22528.1000 and later.
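Until the new default reaches a given machine, the same policy can be applied by hand. The script below is an added example, not code from the article or from Microsoft: it reads the local account lockout policy with the built-in `net accounts` command and, if the machine allows unlimited or more than 10 failed attempts, sets the threshold and lockout duration to the values the article describes. The 10-minute observation window is an assumption (the article does not state it), as is the label parsing, which only matches the English-language output of `net accounts`. Run it from an elevated prompt; on a domain-joined machine the domain's account lockout policy takes precedence over the local one.

```powershell
# Added example (not from the article or Microsoft). Reads the local account
# lockout policy via `net accounts` and tightens it to 10 attempts / 10 minutes.
# Requires an elevated prompt. Assumption: English `net accounts` output.

function Get-LocalLockoutPolicy {
    # `net accounts` prints "Label:   value" lines; extract the three lockout settings.
    $lines = net accounts
    $policy = @{}
    foreach ($line in $lines) {
        if ($line -match '^Lockout threshold:\s+(\S+)') {
            $policy.Threshold = $Matches[1]            # a number, or "Never" if no lockout
        }
        elseif ($line -match '^Lockout duration \(minutes\):\s+(\S+)') {
            $policy.DurationMinutes = $Matches[1]
        }
        elseif ($line -match '^Lockout observation window \(minutes\):\s+(\S+)') {
            $policy.WindowMinutes = $Matches[1]
        }
    }
    return [pscustomobject]$policy
}

$before = Get-LocalLockoutPolicy
Write-Host "Current lockout policy:" ($before | Out-String)

# "Never" (no lockout) or a threshold above 10 leaves more room for online
# password guessing than the new Windows 11 default; bring it in line.
if ($before.Threshold -eq 'Never' -or [int]$before.Threshold -gt 10) {
    # Assumption: observation window of 10 minutes; the article states only the
    # threshold and duration. The window must not exceed the duration.
    net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10
    Write-Host "Updated lockout policy:" (Get-LocalLockoutPolicy | Out-String)
}
else {
    Write-Host "Lockout threshold already at or below 10; no change made."
}
```

One caveat a practitioner should keep in mind: any lockout policy also lets an attacker who can reach the logon endpoint lock legitimate users out by deliberately failing sign-ins, so it is a mitigation to pair with monitoring of failed logons (Security event ID 4625) and account lockouts (event ID 4740), not a substitute for keeping RDP off the public internet.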