Microsoft introduced Windows 365 in early August. Now, researchers security discovered that the credentials (username and password accessh) of Windows 365 can be read in plain text.
Needless to say, it is very dangerous as attackers could take control of Windows used by companies and individuals in the Cloud.
Windows 365 is a cloud service that is supposed to bring new features to companies of any size using Windows 10 or Windows 11.
Microsoft is trying to port the entire operating system, including apps, data and settings, in the Microsoft Cloud. Access will be possible from any enterprise device and operating systems such as Windows, Linux, iOS, macOS or Android.
Windows 365 is advertised by Microsoft as "design safe" and is based on the principle of zero-trust.
So the problem seems to have been detected by Mimikatz, an open source program for viewing temporary credentials in Windows, developed by Bejamin Delpy. The tool is widely used for cyber attacks.
Reading Azure credentials by a user connected to the terminal server is possible through a vulnerability discovered by Delpy May of 2021. Terminal server credentials are stored in memory in encrypted form. But Delpy found a way to make the Terminal Services process decrypt this data. This allows it to use a modified mimikatz to read the credentials of users connected to a terminal server in non-encrypted form, ie plain text.
The upside is that it requires administrator rights to run mimikatz. But the last weeks have shown that if malicious λογισμικό είναι ήδη σε ένα υπολογιστή, είναι δυνατό να επεκταθούν τα δικαιώματα μέσω κενών ασφαλείας όπως το PrintNightmare. In such a system, the malware could install an RDP client program.
Delpy recommends two-factor authentication, smart cards, Windows Hello and Windows Defender Remote Credential Guard to protect against such attacks. However, these security features are currently lacking in Windows 365 and may not be available until the product is released more widely in business environments.
