
You’ve been in danger for 30 years, but Windows 11 has finally taken action

Ever since Microsoft announced Windows 11, the company has been bragging about the security of this operating system. From the beginning, those responsible have maintained that it is one of the most advanced and secure versions of the operating system, and that users will be able to use it without fear of falling into the clutches of hackers. However, there is always room for improvement, and with the Windows 11 2022 Update, we can finally say that the system is much more secure, at least when it comes to network attacks.

Windows has always included a protocol known as SMB. Broadly speaking, this protocol is what allows us to create a local network and connect to other computers within the LAN to share files and resources. If we configure the router, we can even do this from the Internet. But this protocol, although useful and simple, is also dangerous. Years ago, a security flaw in it was responsible for the massive WannaCry ransomware attack. And this is just one of many similar cases.

SMB has long carried a series of flaws, or rather weaknesses, which can be exploited to compromise user security. Two of the most serious are:

  • Low limit on brute force attacks. Anyone can try 90,000 passwords in 5 minutes (300 per second) to gain access to our PC.
  • The SMB1 protocol is still active on many PCs, and it is a very outdated and vulnerable version.

Luckily, the new version 22H2 of Windows 11, released in September 2022, finally addresses these and other issues.

Windows 11 improves SMB security

The first thing Microsoft has done is disable the SMB 1.0 protocol by default for the majority of users who are still using it. Some users, especially those who have made clean installations of the system, already had it disabled, but the number of users with this protocol enabled by default was still too high.

From now on, once the new version of the operating system is installed, SMBv1 will be disabled by default in all editions of Windows, including Home. No one should have any problems as it is such an old protocol, but if we do, we can re-enable the protocol (something not recommended).

The second security improvement is that, from now on, every time a login attempt fails, the server will take 2 seconds to accept a new attempt. This means that testing the 90,000 passwords that used to be tested in 5 minutes will now take more than 50 hours. Business users need to configure Kerberos better, an additional authentication system that comes before SMB and greatly enhances security.

Finally, for advanced users, SMB is now supported over the QUIC network protocol, which will allow us to take advantage of the security improvements of HTTP/3 and TLS 1.3 to connect securely to our PC through a kind of VPN.
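
To check whether a given PC actually has the SMB1 and failed-logon-delay settings described above, the following audit can be used. It is an added example, not part of the original article or Microsoft's own code; the function name `Test-SmbHardening` and its `-MinDelayMs` parameter are hypothetical, while the cmdlets it calls are the built-in Windows SMB and DISM ones.

```powershell
# Added example: audit the two SMB settings discussed in the article.
# Run in an elevated PowerShell session on the machine being checked.
function Test-SmbHardening {
    [CmdletBinding()]
    param(
        # Minimum acceptable delay after a failed logon (hypothetical parameter).
        # 2000 ms matches the 2-second figure given in the article.
        [int]$MinDelayMs = 2000
    )

    $cfg = Get-SmbServerConfiguration
    $results = @()

    # 1. The SMB server should refuse SMB1 sessions.
    $results += [pscustomobject]@{
        Check = 'SMB1 server protocol disabled'
        Value = $cfg.EnableSMB1Protocol
        Pass  = -not $cfg.EnableSMB1Protocol
    }

    # 2. The SMB1 optional feature (client and server components) should not be enabled.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check = 'SMB1 optional feature disabled'
        Value = if ($feature) { [string]$feature.State } else { 'not present' }
        Pass  = (-not $feature) -or ($feature.State -notmatch '^Enable')
    }

    # 3. Delay imposed after a failed authentication. Older builds do not
    #    expose this property, so its absence is reported as a failure.
    $prop = $cfg.PSObject.Properties['InvalidAuthenticationDelayTimeInMs']
    $results += [pscustomobject]@{
        Check = "Failed-logon delay >= $MinDelayMs ms"
        Value = if ($prop) { $prop.Value } else { 'not supported on this build' }
        Pass  = [bool]($prop -and $prop.Value -ge $MinDelayMs)
    }

    $results
}

Test-SmbHardening | Format-Table -AutoSize
```

If a check fails, `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol` removes SMB1 and `Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000` sets the delay on builds that support it.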
