New attack turned Microsoft 365 Copilot into 1-click data theft tool
Summary
A vulnerability chain dubbed SearchLeak has been discovered in Microsoft 365 Copilot Enterprise that lets an attacker exfiltrate sensitive data with a single click. The attacker crafts a URL; when the victim opens it, Copilot is made to retrieve content on the victim's behalf from the victim's mailbox, OneDrive, or SharePoint and hand it to the attacker.
IFF Assessment
Because the attack needs only a single click on a crafted URL and then abuses Copilot's legitimate access to the victim's data, it lowers the bar for data theft from Microsoft 365 tenants considerably and represents a significant threat to defenders.
Severity
High. The chain yields unauthorized access to, and exfiltration of, sensitive data from multiple Microsoft 365 services (mailbox, OneDrive, SharePoint), and the delivery vector, a URL the victim only has to open, is practical to exploit at scale.
Defender Context
Defenders need to be aware of this new attack vector targeting Microsoft 365 Copilot. It illustrates a general risk of AI assistants: because Copilot searches and reads with the signed-in user's own permissions, a link that can steer Copilot is as dangerous as a session with that user's access. Practical steps: treat links to Copilot and other AI assistant endpoints with the same suspicion as any other phishing link and cover them in user training; apply least-privilege sharing and periodic access reviews across SharePoint and OneDrive, since over-shared content is exactly what Copilot can surface on an attacker's behalf; review audit logs for unusual Copilot activity following clicks on unsolicited links; and confirm with Microsoft's guidance whether the SearchLeak chain has been remediated for your tenant, as this summary does not state the fix status.