This lateral movement technique is known as pass-the-hash and is one of attacks that Virtual Secure Module (VSM) was intended to protect against.
In many cases the authentication process relies on the password's cryptographic hash, so there are tools to extract such hashes from compromised Windows machines and use them to access other services.
On Windows networks, attackers don't necessarily need plaintext passwords to access certain services. If VSM is active, not even administrative users can access the passwords or password hashes of other system users. VSM is a virtual machine container present in Windows 10 Enterprise that can be used to isolate critical services from the rest of the system, including the Local Security Authority Subsystem Service (LSASS).
