Mimikatz has been used by a vulnerability researcher to dump a user’s unencrypted plaintext Microsoft Azure credentials from Microsoft’s new Windows 365 Cloud PC service. Benjamin Delpy designed Mimikatz, an open-source security tool that allows researchers to test various credential-stealing and impersonation vulnerabilities.
Microsoft’s Windows 365 cloud-based desktop service went live on August 2nd, allowing customers to rent Cloud PCs and access them via remote desktop clients or a browser. Microsoft offered free virtual PC trials, which rapidly sold out as consumers hurried to receive their two-month free Cloud PC.
Microsoft announced their new Windows 365 cloud-based virtual desktop experience at the Inspire 2021 conference, which allows organizations to deploy Windows 10 Cloud PCs, as well as Windows 11 eventually, on the cloud. This service is built on top of Azure Virtual Desktop, but it has been modified to make managing and accessing a Cloud PC easier.
Delpy said that he was one of the lucky few who was able to receive a free trial of the new service and began testing its security. He discovered that the brand-new service allows a malicious programme to dump logged-in customers’ Microsoft Azure plaintext email addresses and passwords. The credential dumps rely on a vulnerability he identified in May 2021 that allows him to dump plaintext credentials for Terminal Server users. While a user’s Terminal Server credentials are encrypted when kept in memory, Delpy claims he could decrypt them using the Terminal Service process.
To test this technique, BleepingComputer used a free Cloud PC trial on Windows 365. After connecting through the web browser, they started mimikatz with administrative privileges and entered the “ts::logonpasswords” command, and mimikatz promptly dumped their login credentials in plaintext.
While mimikatz was designed for researchers, threat actors frequently use it to extract plaintext passwords from the LSASS process’ memory or perform pass-the-hash attacks utilizing NTLM hashes due to the power of its different modules. Threat actors can use this technique to spread laterally across a network until they gain control of a Windows domain controller, allowing them to take control of the entire Windows domain.
To protect against this method, Delpy recommends 2FA, smart cards, Windows Hello, and Windows Defender Remote Credential Guard. These security measures, however, are not yet available in Windows 365. Because Windows 365 is oriented toward enterprises, Microsoft is likely to include these security protections in the future, but for the time being, it’s crucial to be aware of the technique.
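For readers who manage their own Terminal Server / RDP hosts, the following is an added example (not from the article or from Delpy) of auditing and enabling the host-side setting that Windows Defender Remote Credential Guard depends on, so that a user’s credentials are not delegated to the remote host’s memory in the first place. It assumes a domain-joined Windows host on which you hold local administrator rights, and the host name rdp-host.example.internal is a placeholder.

```powershell
# Added example, not code from the article. Run in an elevated PowerShell session
# on the RDP host. The registry path and value name are Microsoft's documented
# switch for Restricted Admin / Remote Credential Guard; the host name below is assumed.
$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$valueName = 'DisableRestrictedAdmin'

function Get-RemoteCredentialGuardState {
    # Returns a short status string describing whether the host accepts
    # Remote Credential Guard / Restricted Admin connections.
    $current = Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $current) {
        return 'NotConfigured (value absent: host does not accept Remote Credential Guard sessions)'
    }
    if ($current.$valueName -eq 0) { return 'Enabled' }
    return 'Disabled'
}

Write-Host "Before: $(Get-RemoteCredentialGuardState)"

# A value of 0 turns the feature on; it is a DWORD and must be created if absent.
New-ItemProperty -Path $lsaKey -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null

Write-Host "After:  $(Get-RemoteCredentialGuardState)"

# Client side (assumed host name): the /remoteGuard switch keeps the user's
# credentials on the client, so they are never sent to the Terminal Server.
#   mstsc.exe /remoteGuard /v:rdp-host.example.internal
```

Remote Credential Guard additionally requires Kerberos (a domain-joined client and host) and a client that is allowed, by Group Policy, to delegate credentials in this mode; the registry value alone is the host prerequisite.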
Source: https://www.ehackingnews.com/2021/08/microsoft-azure-credentials-exposed-in.html