Hacker finds a way to steal Windows 365 user names and passwords

Reading time icon 1 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Microsoft touts Windows 365, Microsoft’s cloud PC solution, as being much safer than running software directly on your PC, but hackers have already found a way to exploit the remote access software to steal your user name and password credentials.

Security researcher Benjamin Delphy achieved this feat by using a combination of tools. He used the Mimikatz tool, which can read passwords from memory, and an exploit of Windows Terminal he discovered which lets him decrypt the password to deliver the user name and password users use for Windows 365.

These credentials can then be used to access other resources on a network and spread from computer to computer, likely installing ransomware in the process.

Delphy notes that Windows Hello, Smartcards and other 2FA may have helped prevent this attack, but that Windows 365 relies on user names and passwords, so is not easy to protect.

Read all the detail associated with the hack at BleepingComputer here.

More about the topics: cloudpc, security, windows 10, Windows 365

Leave a Reply

Your email address will not be published. Required fields are marked *