Azure credentials at risk due to Windows 365 vulnerability

Windows 365 users, make sure your credentials are safe.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

What you need to know

No more than a few days ever pass between massive Windows-related PC vulnerability stories. Currently, there’s the neverendingPrintNightmare saga, as well as a serious vulnerability affectingWindows 365, Microsoft’s new cloud PC service. The issue would allow a malicious individual to gain the Azure credentials of individuals logged into Windows 365.

As reported byBleepingComputer, you’d need to have administrative privileges in order to run the specific program capable of exploiting the vulnerability and putting Azure credentials in plaintext. So, for most people, there won’t be a major risk, assuming they’re not sharing PC admin privileges with anyone they don’t trust. However, imagine you’re one of the many people who fall victim tophishing schemes, which then results in handing over control of your PC to a cybercriminal. Once they’re in there and can remotely run applications and programs on your machine, they can easily utilize the program to sweep up your Azure credentials through Windows 365.

Given that Windows 365 is a business-and-enterprise-focused feature, one can imagine how dangerous credential theft would be if one threat actor infiltrates a W365 machine with corporate info running the backend of things.

As Benjamin Delpy told BleepingComputer, Windows Hello, 2FA, Windows Defender Remote Credential Guard, and other tools would typically be the way to prevent the above issue from existing and threatening users, but said tools aren’t in Windows 365 yet, leaving it particularly vulnerable.

Windows 365 is a new service from Microsoft, so there’s a chance all the aforementioned security items will be added in time. For now, watch out. As useful as a cloudWindows 11or Windows 10 PC can be, it’s not without risks.

Get the Windows Central Newsletter

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author ofCold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.