Microsoft introduced Windows 365 in early August. Now, security researchers have discovered that Windows 365 credentials (username and password) can be read in plain text.
This is serious: an attacker who obtains these credentials could take control of the cloud-hosted Windows instances that companies and individuals rely on.
Windows 365 is a cloud service that is supposed to bring new features to companies of any size using Windows 10 or Windows 11.
Microsoft is moving the entire working system, including apps, data and settings, to the Microsoft Cloud. Access is intended to work from any enterprise device and from operating systems such as Windows, Linux, iOS, macOS or Android.
Microsoft advertises Windows 365 as "design safe" and as built on the principle of zero trust.
The problem was exposed using Mimikatz, an open-source tool for viewing credentials held in Windows memory, developed by Benjamin Delpy. The tool is widely used in cyber attacks.
Reading the Azure credentials of a user logged in to a terminal server is possible through a vulnerability that Delpy discovered in May 2021. Terminal server credentials are stored in memory in encrypted form, but Delpy found a way to make the Terminal Services process decrypt this data. A modified Mimikatz can then read the credentials of users connected to a terminal server unencrypted, that is, in plain text.
On the plus side, running Mimikatz requires administrator privileges. Recent weeks have shown, however, that malware already present on a computer can escalate its privileges through security vulnerabilities such as PrintNightmare. On such a system, malware could install an RDP client.
Delpy recommends two-factor authentication, smart cards, Windows Hello, and Windows Defender Remote Credential Guard to protect against such attacks. However, these security features are currently missing from Windows 365 and may not appear until the product is more widely available in business environments.
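As an added example that is not part of the article, and not code from Microsoft or Delpy, the following read-only PowerShell audit reports the registry settings behind two of the recommended protections, Windows Defender Remote Credential Guard and Restricted Admin mode, on a Windows host. The Lsa and CredentialsDelegation registry paths are the ones Microsoft's documentation gives for these features; the mapping of the policy type value to the policy's dropdown options is an assumption to verify against your own ADMX templates.

```powershell
# Added example, not code from the article, Microsoft or Delpy: a read-only
# audit of the registry settings behind Remote Credential Guard and Restricted
# Admin mode, the RDP protections Delpy recommends. It reports, it changes nothing.

function Get-RdpCredentialProtectionStatus {
    [CmdletBinding()]
    param()

    # RDP host side. Remote Credential Guard and Restricted Admin both require
    # DisableRestrictedAdmin = 0 under the Lsa key; a missing value means the
    # host does not accept either protected logon mode.
    $lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $lsa = Get-ItemProperty -Path $lsaPath -Name 'DisableRestrictedAdmin' -ErrorAction SilentlyContinue
    $hostAccepts = ($null -ne $lsa) -and ($lsa.DisableRestrictedAdmin -eq 0)

    # RDP client side. The policy "Restrict delegation of credentials to remote
    # servers" (Computer Configuration > Administrative Templates > System >
    # Credentials Delegation) writes these two values. The mapping of the type
    # value to the policy options is an assumption taken from the
    # CredentialsDelegation ADMX template; verify it against your own templates.
    $polPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    $pol = Get-ItemProperty -Path $polPath -ErrorAction SilentlyContinue
    $typeNames = @{
        1 = 'Require Restricted Admin'
        2 = 'Require Remote Credential Guard'
        3 = 'Restrict credential delegation (Remote Credential Guard preferred, Restricted Admin fallback)'
    }
    $clientEnforced = ($null -ne $pol) -and ($pol.RestrictedRemoteAdministration -eq 1)
    $clientMode = if ($clientEnforced -and $typeNames.ContainsKey([int]$pol.RestrictedRemoteAdministrationType)) {
        $typeNames[[int]$pol.RestrictedRemoteAdministrationType]
    } else {
        'Not configured: full credentials are delegated to the RDP host'
    }

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        HostAcceptsProtectedLogons = $hostAccepts
        ClientPolicyEnforced       = $clientEnforced
        ClientPolicyMode           = $clientMode
    }
}

# Usage: run in an elevated PowerShell session on the machine being audited.
Get-RdpCredentialProtectionStatus | Format-List
```

A host that does not accept protected logons, or a client that does not enforce them, sends the user's full credentials to the RDP host at logon, which is exactly the material that ends up in the Terminal Services process memory described above. Running this audit across a fleet and comparing against a baseline is a practical way to confirm the mitigations Delpy recommends are actually in force, once the platform supports them.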