One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Summary

Researchers discovered a vulnerability in Microsoft 365 Copilot that allowed attackers to exfiltrate emails, calendar details, and indexed files with a single click. This three-bug chain, dubbed SearchLeak, bypassed traditional anti-phishing defenses because it used a legitimate Microsoft domain.

IFF Assessment

FOE

This vulnerability represents a significant risk as it allows attackers to easily steal sensitive data from Microsoft 365.

Severity

8.8 High (AI Estimated)

Although the impact is data exfiltration rather than remote code execution, the vulnerability requires minimal user interaction (one click) and has high impact on confidentiality and integrity. The attack vector is network-based and the attack complexity is low.

Defender Context

This highlights the critical need for robust security measures that go beyond simple URL filtering, especially for AI-powered features. Defenders should be aware of the potential for complex exploit chains that leverage trusted domains and the expanded attack surface introduced by integrated AI tools.
