And besides the neverending PrintNightmare story, now a serious vulnerability affecting Windows 365, the company’s new cloud PC service. Thi unexpected issue would allow a malicious third party to gain the Azure credentials of individuals logged into Windows 365.
This Windows 365 vulnerability can lead to information leaks
A security researcher found a way to dump people’s unencrypted plaintext Microsoft Azure credentials from Microsoft’s new Windows 365 Cloud PC service using Mimikatz. If you’re not familiar with the term, Mimikatz is an open-source cybersecurity project created by Benjamin Delpy, that gives researchers the ability to test various credential stealing and impersonation vulnerabilities. Part of the message that can be found on this project’s GitHub page hints at the easiness with which such tools can be used to extract private information. Initially created for researchers, because of the power of its many modules, it is also used by hackers in order to dump plaintext passwords from the memory of the LSASS process or perform pass-the-hash attacks using NTLM hashes. By utilizing this efficient tool, malicious individuals can spread laterally throughout a network until they control a Windows domain controller, thus allowing them to take over it. Let’s just say that for most people, there won’t be a major risk, assuming that they’re not sharing PC admin privileges with anyone they don’t trust. A new #mimikatz 🥝release is here to test!(Remote Desktop client still work, of course!)
https://t.co/Wzb5GAfWfd cc: @awakecoding @RyMangan pic.twitter.com/hdRvVT9BtG — 🥝 Benjamin Delpy (@gentilkiwi) August 7, 2021 But seeing how many people fall victim to phishing schemes, which then results in handing over control of your PC to an unknown assailant, it’s not uncommon. Once inside, they can remotely run applications and programs on your machine, they can easily utilize the program to sweep up your Azure credentials through Windows 365. Windows 365 is a business-and-enterprise-orientated feature so you might imagine how dangerous credential theft would be. These credential dumps are being done through a vulnerability he discovered in May 2021, one that allows him to dump the plaintext credentials for users logged into a Terminal Server. Tools such as Windows Defender Remote Credential Guard would usually prevent this issue from existing and threatening users but such tools don’t exist in Windows 365 yet, leaving it vulnerable. Remember to do everything in your power to protect your credentials and other sensitive data, by not sharing it and making sure you only download from accredited websites. Have you ever been the victim of information leaks? Share your experience with us in the comments section below.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ