Your Azure credentials can be leaked due to this Windows 365 vulnerability

Published on August 17, 2021

Key notes

It seems that Microsoft can’t catch a break when it comes to dealing with vulnerabilities and the continuous exploitation of some of them.

And besides the never-ending PrintNightmare story, there is now a serious vulnerability affecting Windows 365, the company’s new cloud PC service.

This unexpected issue would allow a malicious third party to gain the Azure credentials of individuals logged into Windows 365.

This Windows 365 vulnerability can lead to information leaks

A security researcher found a way to dump people’s unencrypted plaintext Microsoft Azure credentials from Microsoft’s new Windows 365 Cloud PC service using Mimikatz.

If you’re not familiar with the term, Mimikatz is an open-source cybersecurity project created by Benjamin Delpy that gives researchers the ability to test various credential-stealing and impersonation vulnerabilities.

Part of the message on this project’s GitHub page hints at how easily such tools can be used to extract private information.

It’s well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket, build Golden tickets, play with certificates or private keys, vault, … maybe make coffee?

Initially created for researchers, because of the power of its many modules, it is also used by hackers in order to dump plaintext passwords from the memory of the LSASS process or perform pass-the-hash attacks using NTLM hashes.

By using this efficient tool, malicious individuals can spread laterally throughout a network until they control a Windows domain controller, thus allowing them to take it over.

Would you like to try to dump your #Windows365 Azure passwords in the Web Interface too? A new #mimikatz release is here to test! (Remote Desktop client still work, of course!) > https://t.co/Wzb5GAfWfd cc: @awakecoding @RyMangan pic.twitter.com/hdRvVT9BtG

Let’s just say that for most people, there won’t be a major risk, assuming that they’re not sharing PC admin privileges with anyone they don’t trust.

But given how many people fall victim to phishing schemes, which then result in handing over control of their PC to an unknown assailant, that situation is not uncommon.

Once inside, attackers can remotely run applications and programs on your machine, and they can easily use the tool to sweep up your Azure credentials through Windows 365.

Windows 365 is a business-and-enterprise-orientated feature so you might imagine how dangerous credential theft would be.

These credential dumps are being done through a vulnerability the researcher discovered in May 2021, one that allows him to dump the plaintext credentials for users logged into a Terminal Server.

Tools such as Windows Defender Remote Credential Guard would usually prevent this issue from existing and threatening users, but such tools don’t exist in Windows 365 yet, leaving it vulnerable.

Remember to do everything in your power to protect your credentials and other sensitive data, by not sharing it and making sure you only download from accredited websites.

Have you ever been the victim of information leaks? Share your experience with us in the comments section below.

Vlad Turiceanu

Windows Editor

Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world.

Coming from a solid background in PC building and software development, with a complete expertise in touch-based devices, he is constantly keeping an eye out for the latest and greatest!
