Microsoft touts Windows 365, its cloud PC solution, as being much safer than running software directly on your PC, but hackers have already found a way to exploit the remote access software to steal your user name and password.
Would you like to try to dump your #Windows365 Azure passwords in the Web Interface too?
A new #mimikatz release is here to test!
(Remote Desktop client still work, of course!)
— Benjamin Delpy (@gentilkiwi) August 7, 2021
Security researcher Benjamin Delpy achieved this feat by combining two tools: Mimikatz, which can read passwords from memory, and an exploit of Windows Terminal he discovered, which lets him decrypt the password and recover the user name and password that users sign in to Windows 365 with.
These credentials can then be used to access other resources on a network and spread from computer to computer, likely installing ransomware in the process.
Delpy notes that Windows Hello, Smartcards and other 2FA may have helped prevent this attack, but that Windows 365 relies on user names and passwords, so it is not easy to protect.
Read all the details of the hack at BleepingComputer.