Microsoft introduced Windows 365 in early August. Now, security researchers have discovered that Windows 365 credentials (username and password) can be read in plain text.
Needless to say, this is very dangerous, as attackers could take control of Windows instances used by companies and individuals in the cloud.
Windows 365 is a cloud service that is supposed to bring new features to companies of any size using Windows 10 or Windows 11.
Microsoft is trying to transfer the entire operating system, including applications, data and settings, to Microsoft Cloud. Access will be possible from any corporate device and operating systems such as Windows, Linux, iOS, macOS or Android.
Windows 365 is advertised by Microsoft as "secure by design" and is based on the principle of zero trust.
The problem appears to have been found using Mimikatz, an open source program for viewing temporary credentials in Windows, developed by Benjamin Delpy. The tool is widely used in cyber attacks.
Reading the Azure credentials of a user connected to the terminal server is possible through a vulnerability Delpy discovered in May 2021. Terminal server credentials are stored in memory in encrypted form, but Delpy found a way to make the Terminal Services process decrypt this data. This allows a modified Mimikatz to read the credentials of users connected to a terminal server in unencrypted form, i.e. in plain text.
On the plus side, running Mimikatz requires administrator privileges. Recent weeks have shown, however, that if malware is already on a computer, it can escalate its privileges through security vulnerabilities such as PrintNightmare. In such a system, the malware could install an RDP client program.
Delpy recommends two-factor authentication, smart cards, Windows Hello and Windows Defender Remote Credential Guard to protect against such attacks. However, these security features are currently lacking in Windows 365 and may not be available until the product is released more widely in business environments.