Researcher can dump Windows365 Azure passwords in the Web Interface
Windows 365 Cloud PC is a cloud computing service launched by Microsoft. Microsoft hopes to provide enterprises with a more reliable and cost-effective office experience through this service. At present, this service is limited to enterprise users’ applications.
The connection method includes a browser connection or Microsoft remote desktop connection. The cloud computer account and password are not provided by Microsoft, so the verification is actually a Microsoft account.
Now some researchers have used a variety of tools and vulnerabilities to successfully find the accounts and passwords used by cloud computers, proving that Microsoft cloud computer services still have weaknesses.
According to the researcher Benjamin Delpy, in order to obtain the user name and key, he used a variety of tools and obtained the key from the memory through the Windows Terminal vulnerability.
The user name and account obtained are actually critical to Microsoft because these credentials can be used to access other resources on the network and have administrative rights.
With this permission, malware can be installed to carry out large-scale infections. If you want to prevent these potential attacks, users should use multi-factor authentication tools.
However, Windows 365 Cloud PC currently relies on user names and passwords, so protection is not easy, which may require later security enhancements by Microsoft.
The Microsoft Cloud computer does not require password verification to log in automatically when logging in. Microsoft verifies the Microsoft online account assigned by the administrator and the set password.
Would you like to try to dump your #Windows365 Azure passwords in the Web Interface too?
A new #mimikatz 🥝release is here to test!
(Remote Desktop client still work, of course!)cc: @awakecoding @RyMangan pic.twitter.com/hdRvVT9BtG
— 🥝🏳️🌈 Benjamin Delpy (@gentilkiwi) August 7, 2021
Privacy and security are some of Microsoft’s key promotional content when promoting cloud computer services, so the leak of login credentials is indeed embarrassing for Microsoft.
But after all, this is a relatively normal thing that a new service has security vulnerabilities, and security researchers have not yet announced the complete process of stealing credentials.
So for Microsoft, the timely repair will not cause too much security crisis, but Microsoft has not yet responded to this matter and I don’t know if it is known.