A vulnerability researcher has used Mimikatz to dump a user’s unencrypted plaintext Microsoft Azure credentials from Microsoft’s new Windows 365 Cloud PC service. Mimikatz, designed by Benjamin Delpy, is an open-source security tool that lets researchers test various credential-stealing and impersonation vulnerabilities.
Microsoft’s Windows 365 cloud-based desktop service went live on August 2nd, letting customers rent Cloud PCs and access them through remote desktop clients or a browser. Microsoft offered free Cloud PC trials, which sold out rapidly as customers hurried to claim their two-month free Cloud PC.
Microsoft announced the new Windows 365 cloud-based virtual desktop experience at its Inspire 2021 conference. It lets organizations deploy Windows 10 Cloud PCs, and eventually Windows 11, in the cloud. The service is built on top of Azure Virtual Desktop but has been modified to make managing and accessing a Cloud PC easier.
Delpy said that he was one of the lucky few who received a free trial of the new service and began testing its security. He discovered that a malicious program running on the brand-new service can dump logged-in customers’ Microsoft Azure email addresses and passwords in plaintext. The dump relies on a vulnerability he identified in May 2021 that allows plaintext credentials of Terminal Server users to be recovered: although a user’s Terminal Server credentials are encrypted while kept in memory, Delpy says he can decrypt them using the Terminal Service process.
To test the technique, BleepingComputer used a free Windows 365 Cloud PC trial. After connecting through the web browser, they started mimikatz with administrative privileges and entered the “ts::logonpasswords” command, and mimikatz promptly dumped their login credentials in plaintext.
Although mimikatz was designed for researchers, threat actors frequently use it because of the power of its various modules, for example to extract plaintext passwords from the memory of the LSASS process or to perform pass-the-hash attacks with NTLM hashes. With these techniques they can move laterally across a network until they gain control of a Windows domain controller and, with it, the entire Windows domain.
To protect against this method, Delpy recommends 2FA, smart cards, Windows Hello, and Windows Defender Remote Credential Guard. None of these protections, however, is available in Windows 365 yet. Because Windows 365 is oriented toward enterprises, Microsoft is likely to add them in the future, but for now it is important to be aware of the technique.
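The credential dump described above leaves traces a defender can look for. The following Python is an added detection example, not code from the article, BleepingComputer or Mimikatz: it scans constructed Sysmon-style events for the `ts::logonpasswords` module command (the Windows 365 case, which per the article works through the Terminal Service process rather than LSASS) and for non-allowlisted processes reading LSASS memory (the classic mimikatz case). The event dictionaries, the `ExampleEDR` allowlist entry and the field names are assumptions.

```python
import re

# PROCESS_VM_READ access-right bit as it appears in a Sysmon Event 10 GrantedAccess mask.
PROCESS_VM_READ = 0x0010

# Mimikatz module syntax "<module>::logonpasswords", e.g. the "ts::logonpasswords"
# command used against the Windows 365 Cloud PC. Matching the command line rather
# than the binary name also catches a renamed mimikatz.exe.
MIMIKATZ_DUMP_CMD = re.compile(r"\b\w+::logonpasswords\b", re.IGNORECASE)

# Constructed Sysmon-style events (EventID 1 = process create, EventID 10 = process
# access); these are sample data for illustration, not real logs.
SAMPLE_EVENTS = [
    {"EventID": 1, "User": r"CLOUDPC\trial",
     "Image": r"C:\Users\trial\Downloads\mk.exe",
     "CommandLine": 'mk.exe "privilege::debug" "ts::logonpasswords" exit'},
    {"EventID": 1, "User": r"CLOUDPC\trial",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"EventID": 10, "SourceImage": r"C:\Users\trial\Downloads\mk.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\ExampleEDR\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
]

# Assumed allowlist of processes permitted to read LSASS memory (tune per environment).
ALLOWED_LSASS_READERS = frozenset({r"c:\program files\exampleedr\agent.exe"})


def inspect_event(event, allowed_readers=ALLOWED_LSASS_READERS):
    """Return a finding string for a suspicious event, or None if it looks benign."""
    if event.get("EventID") == 1:
        cmd = event.get("CommandLine", "")
        if MIMIKATZ_DUMP_CMD.search(cmd):
            return f"credential dump command by {event.get('User')}: {cmd}"
    elif event.get("EventID") == 10:
        source = event.get("SourceImage", "")
        target = event.get("TargetImage", "").lower()
        access = int(event.get("GrantedAccess", "0"), 16)  # hex mask from the event
        if (target.endswith(r"\lsass.exe") and access & PROCESS_VM_READ
                and source.lower() not in allowed_readers):
            return f"LSASS memory read by {source} (GrantedAccess={event['GrantedAccess']})"
    return None


def scan(events, allowed_readers=ALLOWED_LSASS_READERS):
    """Run inspect_event over every event and keep the findings, in order."""
    return [f for f in (inspect_event(e, allowed_readers) for e in events) if f]
```

Running `scan(SAMPLE_EVENTS)` yields two findings: the renamed binary running `ts::logonpasswords`, and the same binary reading LSASS memory; the allowlisted agent and notepad produce nothing.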
Source: https://www.ehackingnews.com/2021/08/microsoft-azure-credentials-exposed-in.html