Benjamin Delpy, the popular security researcher and author of the Mimikatz tool, has devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365 Cloud PC service using Mimikatz.
Mimikatz is an open-source project that allows gathering credential data from Windows systems.
Early this month, Microsoft launched the Windows 365 Cloud PC service that allows its customers to deploy Windows 10 desktops in the cloud and access them via RDP or using a browser.
Delpy discovered that the service allows a malicious program to dump the Microsoft Azure plaintext credentials (email address and passwords) for logged-in users.
The experts exploited a vulnerability he discovered in May that allows him to retrieve the plaintext credentials for users logged into a Terminal Server.
BleepingComputer, who first reported the news, successfully tested the technique on a free Cloud PC trial on Windows 365.
“After connecting through the web browser and launching mimikatz with Administrative privileges, we entered the “ts::logonpasswords” command and mimikatz quickly dumped our login credentials in plaintext, as shown below.” states BleepingComputer.
The attack scenario described by Bleeping computer sees the victim opening a phishing email with a malicious Office attachment on his Windows 365 Cloud PC. Upon enabling the macros in the document, it can install a remote access tool that allows an attacker to access the Cloud PC.
Then the attacker can escalate privileges using multiple issues, including PrintNightmare flaws, and then dump the credentials using Mimikatz.
Delpy explained that 2FA and Windows Defender Remote Credential Guard can protect the users against this technique, but Windows 365 has yet to support it.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Mimikaz)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.