Windows 365 Vulnerability Reveals Microsoft Azure Password To Hackers
Researchers have discovered a vulnerability in Windows 365 that allows others to see your Microsoft Azure password. It was first discovered by cybersecurity researcher Benjamin Delpy, who is the creator of the Mimikatz project.
Using his own software, Benjamin showed that anyone accessing your computer can steal your Azure password. This is possible because users need a Microsoft Azure account to access Windows 365.
Windows 365 is basically a cloud PC that you can access through the Remote Desktop Protocol. Unfortunately, you aren’t safe even if you are accessing the PC through a web browser. This is all related to a vulnerability in the Remote Desktop connection used to run Windows 365. The vulnerability was first discovered in May, and now it has made its way to the cloud service.
Anyone using Remote Desktop Protocol to access a PC is also vulnerable to this attack. This is all possible through the use of the Mimikatz software mentioned above. The software was made for research purposes but is now often used by attackers. It can extract plaintext passwords, hashes, PIN codes, and Kerberos tickets from memory.
The only upside is that the attacker would need administrator privileges on your Windows 365 device to execute this. Unfortunately, attackers can use malware, phishing attacks, or vulnerabilities such as PrintNightmare or HiveNightmare to gain remote access to your device. From there, the attacker can infect a company's entire network.
How to prevent the Windows 365 vulnerability attack?
For now, the only way to secure your device is to use two-factor authentication, smart cards, Windows Hello, and Windows Defender Remote Credential Guard. However, Windows 365 still doesn’t have these features at the time of writing. Let’s hope Microsoft is working on fixing this issue as soon as possible.
It’s sad to see that in just 2 weeks since the launch, Microsoft’s Windows 365 has seen this many ups and downs. Previously, it was hit with a massive ransomware attack, and servers were also down on some occasions, which stopped many people from doing their work.