Windows 365 accounts and passwords can be stolen easily
A security researcher has found a way to retrieve Microsoft Azure user accounts and passwords in plain text from Microsoft's new Windows 365 Cloud PC service. The tool used to do this is Mimikatz.
Mimikatz is an open source security project created by Benjamin Delpy that allows developers to test a variety of identity theft methods and impersonation vulnerabilities.
Although created for researchers, Mimikatz is also used by hackers to attack users.
Windows 365 is a new service from Microsoft with the ability to provide Cloud PCs over the internet. Customers can rent Cloud PCs in different configurations to work as needed.
Right after Microsoft offered a trial subscription, developer Benjamin Delpy conducted a number of security tests on Windows 365 Cloud PC. Speaking to BleepingComputer, Delpy said he was able to query Microsoft Azure user accounts and passwords using Mimikatz on Windows 365.
Particularly noteworthy is that the queried user accounts and passwords come back in plain text, unencrypted.
Delpy further shared that he exploited a vulnerability he discovered in May 2021 to query user accounts and passwords. In addition, the user accounts and passwords were originally stored encrypted, but Delpy tricked the system into decrypting this information and displaying it to him in plain text.
Is this problem dangerous?
In fact, this type of attack is very difficult to perform. First, the hacker will have to find a way to break into your Windows 365 Cloud PC. They can do this via phishing emails containing malicious code. After the malicious code is activated, the hacker will install a remote access system and then conduct privilege escalation through Windows vulnerabilities.
Finally, hackers use Mimikatz or similar software to query users' accounts and passwords. Once an account has been captured, the hacker will use it to attack both the enterprise's systems and other Microsoft services.
Delpy's discovery is a warning to Microsoft. Windows 365 Cloud PC is a promising service, but it will also face cybersecurity challenges. Hopefully in the future Microsoft will implement more security measures for this service.