New security feature added to Windows 11 Insider Preview to prevent password-cracking attacks

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Microsoft has released Windows 11 Insider Preview Build 25951 (Canary), incorporating advanced security measures to counteract password-cracking crimes. A noteworthy upgrade will enable administrators to impede New Technology Lan Manager (NTLM) over Server Message Block (SMB), a traditional file-sharing protocol. The large-scale strategy aims to eliminate NTLM usage throughout Windows completely.

NTLM, a legacy protocol no longer deemed secure, can be a significant security vulnerability. Prevention of this via SMB client prohibiting NTLM facilitates secure remote outbound connections. The goal is to protect users’ hashed passwords from being circulated to an external server, the tech giant announced in a blog post.

With this new option, an administrator can intentionally block Windows from offering NTLM via SMB. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and cannot brute force, crack, or pass hashes. This adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS.

Enabling these safety measures doesn’t mean that NTLM usage needs to be entirely disabled. It gives our enterprise customers access to increased protection,

Plans are underway for further protective enhancements in upcoming Windows Insider releases. The company seeks to empower administrators with the ability to control SMB NTLM blocking for specific servers using an “allow list.” This strategy aims to provide defenses not only against password-cracking attacks but also pass-the-hash attacks and NTLM relay attacks.

Previously, tech experts had raised concerns about NTLM’s susceptibility to pass-the-hash and relay attacks. These types of cyber-attacks can happen when a malicious user gets unauthorized access by successfully guessing the hash value, a unique value derived from hashing a user’s password.

The new security feature is decisive evidence of a larger game plan by Microsoft to end NTLM usage throughout Windows. Keep an eye out for further announcements, as there have been indications of more comprehensive changes in line with this strategy in the coming weeks. In a cybersecurity climate that often seems on edge, this intentional focus on safety delivers much-needed reassurance.