A vulnerability in Microsoft 365 Copilot that allowed attackers to steal users' sensitive information has been disclosed by a cybersecurity researcher.
Johann Rehberger, who discovered the flaw, described the exploit chain in a blog post published on August 26. The attack combines several advanced techniques, including prompt injection, automatic tool invocation and a novel method called ASCII smuggling, which stages data for exfiltration.
The attack begins with a prompt injection delivered through a malicious email or shared document. Once triggered, this injection prompts Microsoft 365 Copilot to search for additional emails and documents without user consent.
The attacker can then leverage ASCII smuggling, which uses invisible Unicode characters to embed sensitive information within seemingly benign hyperlinks. When a user clicks on these hyperlinks, the embedded data is transmitted to a third-party server controlled by the attacker.
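As an added defensive example (not code from Rehberger or Microsoft), the following Python sketch shows how an output filter or DLP check could detect, decode and strip hidden characters in model output before a link is rendered. It assumes the invisible characters come from the Unicode Tags block (U+E0000 to U+E007F), which the article does not name; the function names and sample strings are constructed for illustration.

```python
import re

# Assumption: payload hidden in the Unicode Tags block (U+E0000-U+E007F),
# where each code point mirrors an ASCII character at offset 0xE0000.
TAG_BASE = 0xE0000
TAG_RUN = re.compile("[\U000E0000-\U000E007F]+")
# Zero-width/format characters: flagged only, since emoji and bidi text use them.
ZERO_WIDTH = re.compile("[\u200b-\u200f\u2060-\u2064\ufeff]")


def find_hidden_runs(text):
    """Return (offset, decoded_ascii) for each run of tag characters."""
    findings = []
    for match in TAG_RUN.finditer(text):
        decoded = "".join(
            chr(ord(ch) - TAG_BASE) if 0x20 <= ord(ch) - TAG_BASE <= 0x7E else "?"
            for ch in match.group()
        )
        findings.append((match.start(), decoded))
    return findings


def sanitize(text):
    """Remove tag characters so they never reach a rendered link or a log."""
    return TAG_RUN.sub("", text)


def inspect(text):
    """Summarise what a DLP or output filter would act on."""
    runs = find_hidden_runs(text)
    return {
        "suspicious": bool(runs) or bool(ZERO_WIDTH.search(text)),
        "hidden_payloads": [decoded for _, decoded in runs],
        "clean": sanitize(text),
    }


# Constructed samples: a markdown link whose URL carries "mfa=1234" as tag
# characters, and the same link without them.
BENIGN = "[Open report](https://example.invalid/r?id=1)"
SMUGGLED = (
    "[Open report](https://example.invalid/r?id=1"
    "\U000E006D\U000E0066\U000E0061\U000E003D"
    "\U000E0031\U000E0032\U000E0033\U000E0034)"
)

if __name__ == "__main__":
    for sample in (BENIGN, SMUGGLED):
        print(inspect(sample))
```

Both sample links look identical when rendered; only the code-point scan separates them, which is why the check belongs on the raw model output rather than on what a reviewer sees.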
Vulnerability Report and Microsoft Patch
Rehberger initially reported the vulnerability to Microsoft in January 2024. Despite its sophisticated nature, the issue was initially classified as low severity. However, Rehberger demonstrated how this exploit chain could exfiltrate sensitive data, such as multi-factor authentication (MFA) codes, prompting Microsoft to reconsider and eventually patch the vulnerability by July 2024.
According to the researcher, the vulnerability highlights the potential risks posed by AI tools like Microsoft 365 Copilot, which rely on large language models (LLMs) for processing user content.
In particular, the incident underscores the importance of implementing robust security measures to protect against prompt injection and related attacks, particularly as AI tools become increasingly integrated into enterprise environments.
Microsoft has not disclosed the specifics of the patch, but Rehberger confirmed that the vulnerability no longer poses a threat.
“It’s unclear how precisely Microsoft fixed the vulnerability and what mitigation suggestions had been applied,” the researcher wrote. “However the exploits I constructed and shared with them in January and February don’t work anymore, and it appeared that hyperlinks aren’t rendered anymore since a number of months in the past.”
To defend against similar attacks, Rehberger suggested enterprises assess their risk tolerance and exposure to prevent data leaks from Copilot and implement data loss prevention (DLP) and other security controls to manage the creation and publication of these tools.