A critical security vulnerability [2] [3] [4] [6], identified as CVE-2024-38206 [5] [6], was recently discovered in Microsoft’s Copilot Studio by cybersecurity researchers.
Description
Tenable security researcher Evan Grant found the flaw to be an information disclosure bug resulting from a server-side request forgery (SSRF) attack. This vulnerability allowed authenticated attackers to bypass SSRF protection and access sensitive cloud-based information within Microsoft’s internal infrastructure for Copilot Studio. By exploiting Copilot’s ability to make HTTP requests [6], attackers could retrieve instance metadata in a chat message and add a custom topic with an advanced “HttpRequestAction” action to obtain managed identity access tokens and access internal assets like Cosmos DB documents. While the vulnerability did not grant access to cross-tenant information [1] [4], it could impact multiple customers due to the shared infrastructure of the Copilot Studio service [1] [2].
Conclusion
The flaw highlighted the risks associated with launching products in new or rapidly expanding areas. Microsoft promptly addressed the vulnerability [2], ensuring no action was required from Copilot Studio users. This incident underscores the importance of robust security measures in cloud-based services to prevent unauthorized access and protect sensitive information.
References
[1] https://cyber.vumetric.com/security-news/2024/08/21/microsoft-patches-critical-copilot-studio-vulnerability-exposing-sensitive-data/
[2] https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html
[3] https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio
[4] https://vulners.com/thn/THN:7E69ADFC2F4E8B6E53D8BA3F714B7BC8
[5] https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data
[6] https://securityaffairs.com/167353/security/copilot-studio-vulnerability.html
