Windows 365 plain text name & password

Microsoft introduced Windows 365 in early August. Now, security researchers have discovered that Windows 365 credentials (username and password) can be read in plain text.

Needless to say, this is very dangerous, as attackers could take control of Windows instances used by companies and individuals in the cloud.

Windows 365

Windows 365 is a cloud service that is supposed to bring new features to companies of any size using Windows 10 or Windows 11.

Microsoft is trying to move the entire system, including apps, data and settings, to the Microsoft Cloud. Access will be possible from any enterprise device and from operating systems such as Windows, Linux, iOS, macOS or Android.

Windows 365 is advertised by Microsoft as "secure by design" and is based on the principle of zero trust.

The problem appears to have been detected using Mimikatz, an open source program for viewing temporary credentials in Windows, developed by Benjamin Delpy. The tool is widely used for cyber attacks.

Reading the Azure credentials of a user logged in to the terminal is possible through a vulnerability that Delpy discovered in May 2021. Terminal server credentials are stored in memory in encrypted form, but Delpy found a way to make the Terminal Services process decrypt this data. This allows a modified mimikatz to read the credentials of users connected to a terminal server in non-encrypted form, i.e. plain text.

On the plus side, running mimikatz requires administrator privileges. Recent weeks have shown, however, that if malware is already on a computer, it is possible to escalate privileges through security vulnerabilities such as PrintNightmare. On such a system, malware could install an RDP program.

Delpy recommends two-factor authentication, smart cards, Windows Hello, and Windows Guard to protect against such attacks. However, these security features are currently missing from Windows 365 and may not appear until the product is more widely available in business environments.


Written by giorgos
