A vulnerability in Microsoft 365 Copilot that allowed attackers to steal users' sensitive information has been disclosed by a cybersecurity researcher.
Johann Rehberger, who discovered the flaw, described the exploit chain in a blog post published on August 26. The attack combines several advanced techniques, including prompt injection, automatic tool invocation and a novel method called ASCII smuggling, which stages data for exfiltration.
The attack begins with a prompt injection delivered through a malicious email or shared document. Once triggered, this injection prompts Microsoft 365 Copilot to search for additional emails and documents without user consent.
The attacker can then leverage ASCII smuggling, which uses invisible Unicode characters to embed sensitive information within seemingly benign hyperlinks. When a user clicks on these links, the embedded data is transmitted to a third-party server controlled by the attacker.
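A defender-side check for the hidden-link step, added here as an example and not taken from Rehberger's post or from Microsoft: it scans model output for URLs carrying invisible code points, recovers any ASCII hidden in them, and strips them before rendering. It assumes the invisible characters come from the Unicode Tags block (U+E0000 to U+E007F), which mirrors ASCII; the function names and the sample reply are constructed for illustration.

```python
import re
import unicodedata

# Unicode Tags block. U+E0020..U+E007E mirror printable ASCII but render as nothing.
TAG_BLOCK = range(0xE0000, 0xE0080)
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def is_invisible(ch: str) -> bool:
    """True for Tags-block code points and other format (Cf) characters."""
    return ord(ch) in TAG_BLOCK or unicodedata.category(ch) == "Cf"


def decode_tags(text: str) -> str:
    """Recover the ASCII text carried by tag characters, if any."""
    return "".join(chr(ord(ch) - 0xE0000) for ch in text
                   if 0xE0020 <= ord(ch) <= 0xE007E)


def sanitize(text: str) -> str:
    """Drop invisible code points before text is rendered or made clickable.

    Cf also covers joiners used in legitimate scripts and emoji, so apply this
    to URLs and other strict contexts rather than to all prose.
    """
    return "".join(ch for ch in text if not is_invisible(ch))


def scan_links(text: str) -> list[dict]:
    """Report every URL in model output that carries invisible characters."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0)
        count = sum(is_invisible(ch) for ch in url)
        if count:
            findings.append({"visible": sanitize(url),
                             "invisible_count": count,
                             "hidden_ascii": decode_tags(url)})
    return findings


# Constructed sample: a chat reply whose link carries a hidden placeholder value.
_hidden = "".join(chr(0xE0000 + ord(c)) for c in "code=123456")
SAMPLE = (f"Details: [open report](https://example.test/r?id=7{_hidden})"
          " and https://example.test/ok")

if __name__ == "__main__":
    for finding in scan_links(SAMPLE):
        print(finding)
```

A non-empty result from `scan_links` on assistant output is worth alerting on, since a legitimate link has no reason to contain Tags-block characters.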
Vulnerability Report and Microsoft Patch
Rehberger initially reported the vulnerability to Microsoft in January 2024. Despite its sophisticated nature, the issue was initially classified as low severity. However, Rehberger demonstrated how this exploit chain could exfiltrate sensitive data, such as multi-factor authentication (MFA) codes, prompting Microsoft to reconsider and eventually patch the vulnerability by July 2024.
According to the researcher, the vulnerability highlights the potential risks posed by AI tools like Microsoft 365 Copilot, which rely on large language models (LLMs) for processing user content.
In particular, the incident underscores the importance of implementing robust security measures to protect against prompt injection and related attacks, particularly as AI tools become increasingly integrated into enterprise environments.
Microsoft has not disclosed the specifics of the patch, but Rehberger confirmed that the vulnerability no longer poses a threat.
“It’s unclear how exactly Microsoft fixed the vulnerability and what mitigation suggestions were implemented,” the researcher wrote. “But the exploits I built and shared with them in January and February don’t work anymore, and it appeared that links are not rendered anymore since a few months ago.”
To defend against similar attacks, Rehberger suggested enterprises assess their risk tolerance and exposure to prevent data leaks from Copilot and implement data loss prevention (DLP) and other security controls to manage the creation and publication of these tools.