Windows 365 exposes Microsoft Azure credentials in plaintext
Security News, August 2021
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz.
On August 2nd, Microsoft launched their Windows 365 cloud-based desktop service, allowing users to rent Cloud PCs and access them via remote desktop clients or a browser.
The credential dumps are being done through a vulnerability he discovered in May 2021 that allows him to dump the plaintext credentials for users logged into a Terminal Server.
"Because only the Terminal Server can ask for this kind of own decryption, I had to trick it to decrypt the credentials for me :)." BleepingComputer used a free Cloud PC trial on Windows 365 to test this technique.
You may be wondering what the big deal is if you need to be an Administrator to run mimikatz and you already know your Azure account credentials.
As Windows 365 is geared towards the enterprise, Microsoft will likely add these security features in the future, but for now, it is important to be aware of this technique.