Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Windows 365 accounts and passwords can be stolen easily
A security researcher has found a way to retrieve Microsoft Azure user accounts and passwords in plain text from Microsoft's new Windows 365 Cloud PC service. The tool used to do this is Mimikatz.
Mimikatz is an open source security project created by Benjamin Delpy that allows developers to test a variety of identity theft methods and impersonation vulnerabilities.
Although created for researchers, Mimikatz is also used by hackers to attack users.
Windows 365 is a new service from Microsoft with the ability to provide Cloud PCs over the internet. Customers can rent Cloud PCs in different configurations to work as needed.
Windows 365 accounts and passwords can be stolen easily Picture 1
Right after Microsoft offered a trial subscription, developer Benjamin Delpy conducted a number of security tests on Windows 365 Cloud PC. Sharing with BleepingCompute, Delpy said he was able to query Microsoft Azure user accounts and passwords using Mimikatz on Windows 365.
Particularly noteworthy is that the user account and password querying is stored in plain text, unencrypted.
Delpy further shared that he exploited a vulnerability he discovered in May 2021 to be able to query user accounts and passwords. In addition, user accounts and passwords were originally stored encrypted, but Delpy tricked the system into deciphering this information and displaying it to him in plain text.
Is this problem dangerous?
In fact, this type of attack is very difficult to perform. First, the hacker will have to find a way to break into your Windows 365 Cloud PC. They can do this via phishing emails containing malicious code. After the malicious code is activated, the hacker will install a remote access system and then conduct privilege escalation through Windows vulnerabilities.
Finally, hackers use Mimikatz or similar software to query users' accounts and passwords. Once an account has been captured, the hacker will use it to attack both the enterprise's systems and other Microsoft services.
Delpy's discovery is a warning to Microsoft. Windows 365 Cloud PC is a promising service, but it will also face cybersecurity challenges. Hopefully in the future Microsoft will implement more security measures for this service.
Isabella HumphreyYou should read it
- Forget Windows 7 password still logged in Administrator account, this is how to 'hack'
- How to Hack a Password Protected Computer Account
- How to change account password in Windows 11
- Recover the password of the 'Log On' account in windows XP
- How to disable Windows Hello sign-in to log in with a password on Windows 10
- 4 ways to hack Facebook you should know to protect your Facebook account
- How to open a computer when forgetting password Windows 10
- How to recover Windows 10 password easily
- Experiencing new features in Windows 10 build Cloud leaked
- Forget Windows 10 password, this is how to break password Win 10 without using 3rd tool
- Microsoft executes Windows Live, 'clears its way' to wait for Windows 8
- How to hack Wifi password with Aircrack-Ng
Maybe you are interested
Microsoft's official Windows 11 virtual machine is no longer available
How to remove Microsoft Edge on Windows 11
Microsoft makes major improvements to Windows Update, updates will be installed much faster
Microsoft Word or Google Docs is better for you?
Distinguishing Microsoft 365 and Office 2024
Microsoft's foldable smartphone won't have a crease
Security solution
How to limit USB plugged into computer (only accept authorized USB)- Detecting a new type of malware that steals Windows passwords, installs a virtual currency mining tool and continues to spread trojans
- New Vulnerability in Windows 10 Allows Admin Hijacking
- Detect spyware that infects iMessage even if the user has not read the message
- Fool Windows Hello with a fake camera
- Reasons Why You Need to Start Using a VPN
How to limit USB plugged into computer (only accept authorized USB)
Detecting a new type of malware that steals Windows passwords, installs a virtual currency mining tool and continues to spread trojans
New Vulnerability in Windows 10 Allows Admin Hijacking
Detect spyware that infects iMessage even if the user has not read the message
Fool Windows Hello with a fake camera
Reasons Why You Need to Start Using a VPN