Microsoft releases Windows 11 update to block password-stealing attacks
With the launch of Windows 11 Insider Preview Build 25951 (Canary), Microsoft has added a new security feature that lets admins block New Technology Lan Manager (NTLM) over the file-sharing protocol Server Message Block (SMB) to prevent password-cracking attacks.
More specifically, the SMB client supports blocking NTLM for remote outbound connections in a change to a legacy protocol that is no longer considered as secure.
Because the change is designed to prevent a user’s hashed password from being sent to a remote server, eligible Windows 11 users can prevent these types of attacks altogether.
SMB NTLM blocking coming to Windows 11
Microsoft worker Ned Pyle summarized the update: “With this new option, an administrator can intentionally block Windows from offering NTLM via SMB. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and cannot brute force, crack, or pass hashes.”
Pyle added that the change would allow enterprise customers to access enhanced security without having to disable NTLM usage fully, stating: “A later Windows Insider release will allow administrators to control SMB NTLM blocking to specific servers with an allow list.”
As well as preventing password-cracking attacks, blocking NTLM over SMB can help to prevent pass-the-hash attacks and NTLM relay attacks.
The announcement, which also provided a set of instructions for configuring the option via Group Policy and PowerShell. made no mention of general availability.
However the change is already being made in the Canary Channel and a full release could be on the cards fairly soon as the company looks to implement changes as part of a wider shakeup.
According to Microsoft, the change is one that lays the foundation for a larger strategy to end NTLM usage throughout Windows, and further announcements have been slated for “the coming weeks.”
More from TechRadar Pro
With the launch of Windows 11 Insider Preview Build 25951 (Canary), Microsoft has added a new security feature that lets admins block New Technology Lan Manager (NTLM) over the file-sharing protocol Server Message Block (SMB) to prevent password-cracking attacks. More specifically, the SMB client supports blocking NTLM for remote outbound…
Recent Posts
- NASA shares beautiful timelapse of the Psyche spacecraft’s view over Mars
- There’s a sneaky way to watch World Cup final 2026 for FREE
- How to Watch the World Cup 2026 final halftime show: Free Live Streams, TV Channels & Performers
- I hate that I don’t hate this song made with Suno
- The FBI reportedly won’t investigate ICE anymore
Archives
- July 2026
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023