Your Azure credentials can be leaked due to this Windows 365 vulnerability

by Vlad Turiceanu
  • Another vulnerability of a Microsoft product can allow a malicious third party to gain information from individuals logged into Windows 365.
  • A researcher discovered a way to dump users’ unencrypted plaintext Microsoft Azure credentials using Mimikatz.
  • Using such tools, hackers can spread laterally throughout a network until they control a Windows domain controller, thus allowing them to take over it.
  • These credential dumps are actually being done through a vulnerability that was discovered back in May 2021.

It seems that Microsoft can’t catch a break when it comes to dealing with vulnerabilities and the continuous exploitation of some of them.

And besides the never-ending PrintNightmare story, there is now a serious vulnerability affecting Windows 365, the company’s new cloud PC service.

This unexpected issue would allow a malicious third party to obtain the Azure credentials of individuals logged into Windows 365.

This Windows 365 vulnerability can lead to information leaks

A security researcher found a way to dump people’s unencrypted plaintext Microsoft Azure credentials from Microsoft’s new Windows 365 Cloud PC service using Mimikatz.

If you’re not familiar with the term, Mimikatz is an open-source cybersecurity project created by Benjamin Delpy that gives researchers the ability to test various credential-stealing and impersonation vulnerabilities.

Part of the description on the project’s GitHub page hints at the ease with which such tools can be used to extract private information.

It’s well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket, build Golden tickets, play with certificates or private keys, vault, … maybe make coffee?

Although it was initially created for researchers, the power of its many modules means it is also used by attackers to dump plaintext passwords from the memory of the LSASS process or to perform pass-the-hash attacks using NTLM hashes.

By using this tool, malicious individuals can move laterally throughout a network until they control a Windows domain controller, at which point they can take over the whole domain.
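As an added, defender-side illustration (not code from the article or from the Mimikatz project), the following Python snippet scans Sysmon Event ID 10 (ProcessAccess) records for handles opened to lsass.exe with memory-read rights, which is what an in-memory credential dump of the kind described above needs. The flattened log-line format, the allowlist of legitimate source processes and the sample events are constructed assumptions for this example; the field names follow Sysmon’s ProcessAccess schema.

```python
"""Flag suspicious handle access to lsass.exe in Sysmon Event ID 10 records.

Added example, not part of the original article. The 'key=value|key=value'
line format, the allowlist and the sample events below are constructed.
"""
from dataclasses import dataclass

# Windows process access rights relevant to reading another process's memory.
PROCESS_VM_READ = 0x0010                    # required to read LSASS memory
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Processes that legitimately open lsass.exe on a typical host.
# Assumption for the example; tune this per environment.
ALLOWLISTED_SOURCES = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\csrss.exe",
}


@dataclass
class ProcessAccessEvent:
    source_image: str
    target_image: str
    granted_access: int
    call_trace: str = ""


def parse_event(line: str) -> ProcessAccessEvent:
    """Parse one flattened Sysmon EID 10 line (constructed format)."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcessAccessEvent(
        source_image=fields["SourceImage"],
        target_image=fields["TargetImage"],
        granted_access=int(fields["GrantedAccess"], 16),
        call_trace=fields.get("CallTrace", ""),
    )


def is_suspicious(ev: ProcessAccessEvent) -> bool:
    """True when a non-allowlisted process opens lsass.exe with read access to its memory."""
    if not ev.target_image.lower().endswith(r"\lsass.exe"):
        return False
    if ev.source_image.lower() in ALLOWLISTED_SOURCES:
        return False
    # Querying basic process information alone (0x1000 / 0x1400) is routine;
    # a handle that carries PROCESS_VM_READ is what a memory dump needs.
    return bool(ev.granted_access & PROCESS_VM_READ)


def find_suspicious(lines):
    """Return the source images of every suspicious LSASS access in the given log lines."""
    return [ev.source_image for ev in map(parse_event, lines) if is_suspicious(ev)]


# Constructed sample events: one routine service query, one memory-read handle
# from an unexpected location, one limited query, and one unrelated target.
SAMPLE_EVENTS = [
    r"SourceImage=C:\Windows\System32\svchost.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1000",
    r"SourceImage=C:\Users\Public\mimikatz.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1010",
    r"SourceImage=C:\Windows\System32\taskmgr.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1400",
    r"SourceImage=C:\Users\Public\tool.exe|TargetImage=C:\Windows\System32\notepad.exe|GrantedAccess=0x1FFFFF",
]

if __name__ == "__main__":
    for src in find_suspicious(SAMPLE_EVENTS):
        print(f"suspicious LSASS access from {src}")
```

The check keys on the access mask rather than on a tool name, so a renamed binary is caught just the same; on a real host this logic would run over the Sysmon operational log, and it complements, rather than replaces, mitigations such as LSA protection and Remote Credential Guard.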

Let’s just say that for most people, there won’t be a major risk, assuming that they’re not sharing PC admin privileges with anyone they don’t trust.

But given how many people fall victim to phishing schemes, which end up handing control of their PC to an unknown attacker, that scenario is not uncommon.

Once inside, attackers can remotely run applications and programs on the machine, and they can easily use the tool to sweep up Azure credentials through Windows 365.

Windows 365 is a business- and enterprise-oriented service, so you can imagine how dangerous credential theft would be.

These credential dumps are performed through a vulnerability the researcher discovered in May 2021, one that allows him to dump the plaintext credentials of users logged into a Terminal Server.

Tools such as Windows Defender Remote Credential Guard would normally prevent this issue from existing and threatening users, but such protections are not yet available in Windows 365, leaving it vulnerable.

Remember to do everything in your power to protect your credentials and other sensitive data: do not share them, and only download software from reputable websites.
