Mimikatz has been used by a vulnerability researcher to dump a user’s plaintext Microsoft Azure credentials from Microsoft’s new Windows 365 Cloud PC service. Benjamin Delpy designed Mimikatz, an open-source security tool that lets researchers test various credential-stealing and impersonation vulnerabilities.
Microsoft’s Windows 365 cloud-based desktop service went live on August 2nd, allowing customers to rent Cloud PCs and access them via remote desktop clients or a browser. Microsoft offered free virtual PC trials, which rapidly sold out as consumers hurried to receive their two-month free Cloud PC.
Microsoft announced its new Windows 365 cloud-based virtual desktop experience at the Inspire 2021 conference. The service allows organizations to deploy Windows 10 Cloud PCs, and eventually Windows 11, in the cloud. It is built on top of Azure Virtual Desktop, but it has been modified to make managing and accessing a Cloud PC easier.
Delpy said that he was one of the lucky few who was able to receive a free trial of the new service and began testing its security. He discovered that the brand-new service allows a malicious program to dump logged-in customers’ Microsoft Azure plaintext email addresses and passwords. The credential dumps are carried out using a vulnerability he identified in May 2021 that allows him to dump plaintext credentials for Terminal Server users. While a user’s Terminal Server credentials are encrypted when kept in memory, Delpy claims he could decrypt them using the Terminal Service process.
To test this technique, BleepingComputer used a free Cloud PC trial on Windows 365. After connecting through the web browser, they started mimikatz with administrative privileges and entered the “ts::logonpasswords” command, and mimikatz promptly dumped their login credentials in plaintext.
While mimikatz was designed for researchers, threat actors frequently use it to extract plaintext passwords from the LSASS process’ memory or perform pass-the-hash attacks utilizing NTLM hashes due to the power of its different modules. Threat actors can use this technique to spread laterally across a network until they gain control of a Windows domain controller, allowing them to take control of the entire Windows domain.
To protect against this method, Delpy recommends 2FA, smart cards, Windows Hello, and Windows Defender Remote Credential Guard. These security measures, however, are not yet accessible in Windows 365. Because Windows 365 is oriented toward enterprises, Microsoft is likely to include these security protections in the future, but for the time being, it’s crucial to be aware of the technique.
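One of the mitigations Delpy names, Windows Defender Remote Credential Guard, only works when both the RDP host and the client are configured for it. The following PowerShell audit is an added example, not code from the article or from Microsoft; it checks the registry values that Microsoft's documentation ties to Remote Credential Guard on a conventional Terminal Server / RDP host and client (the function names are this example's own). It is for ordinary Windows hosts; the article notes that these protections were not yet available in Windows 365 at the time of writing.

```powershell
# Added example: audit Remote Credential Guard prerequisites on a Windows
# RDP host and client. Registry paths and value names are Microsoft's
# documented ones; the function names are this example's own.

function Test-RemoteCredentialGuardHost {
    # The remote host must have Restricted Admin / Remote Credential Guard
    # enabled: DisableRestrictedAdmin = 0 under the LSA key.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = (Get-ItemProperty -Path $lsa -Name DisableRestrictedAdmin `
                -ErrorAction SilentlyContinue).DisableRestrictedAdmin
    $current = if ($null -eq $value) { '(not set)' } else { $value }
    [pscustomobject]@{
        Check   = 'Host: DisableRestrictedAdmin = 0'
        Current = $current
        Pass    = ($value -eq 0)
    }
}

function Test-RemoteCredentialGuardClient {
    # On the client, the "Restrict delegation of credentials to remote
    # servers" policy writes these values. Type 2 = Require Remote
    # Credential Guard, so plaintext credentials never leave the client.
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    $p = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
    $enabled = $p.RestrictedRemoteAdministration
    $type    = $p.RestrictedRemoteAdministrationType
    [pscustomobject]@{
        Check   = 'Client: RestrictedRemoteAdministration = 1, Type = 2'
        Current = "enabled=$enabled type=$type"
        Pass    = ($enabled -eq 1 -and $type -eq 2)
    }
}

# Run both checks; a failing "Pass" column means credentials delegated over
# RDP to this host can still end up decryptable in the Terminal Service.
@((Test-RemoteCredentialGuardHost), (Test-RemoteCredentialGuardClient)) |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the machine being audited; on a client-only machine, the host check is expected to show "(not set)".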
Source: https://www.ehackingnews.com/2021/08/microsoft-azure-credentials-exposed-in.html