Fast Facts
- Attackers can exploit a URL injection flaw in Microsoft Copilot to extract sensitive emails, calendar data, and files without user interaction, using a chain of three bugs combined into a single click attack.
- The exploit involves embedding malicious prompts in search queries, which are then covertly exfiltrated via Bing’s image URL fetches, bypassing security policies.
- Successful exploitation grants attackers access to critical information like MFA codes and confidential documents, enabling account takeover and data theft without needing user credentials.
Threat, Attack Techniques, and Targets
Researchers from Varonis Threat Labs identified a serious security flaw in Microsoft 365 Copilot Enterprise Search. This flaw, called SearchLeak, relies on chaining three bugs into a single-click attack. The attacker uses a specially crafted URL with a parameter called "q" meant for natural language queries. Instead of just searching, the URL instructs Copilot to search the user’s mailbox and embed search results into a response, possibly in an image URL.
This process involves a prompt injection, race conditions, and content security policy bypasses. When a victim clicks the malicious link, Copilot searches their data and embeds sensitive information in a way that can be exfiltrated. The attacker uses Bing’s image analysis endpoint to retrieve the data, acting as a proxy. The target audience contains Microsoft 365 users with access to sensitive emails, calendar details, and files stored in SharePoint or OneDrive.
Impact, Security Implications, and Remediation Guidance
The impact of SearchLeak is significant. It can give attackers access to emails, including MFA and reset codes, files, and calendar events without the user noticing. This can lead to account takeover, data theft, or further network intrusions. The flaw affects how Copilot handles search queries and response rendering, making it possible to extract data covertly.
Microsoft took action by fixing the vulnerability on its backend. However, because Copilot is a managed service, tenant administrators cannot patch it directly. They should monitor for suspicious activity, especially URLs with encoded payloads or unusual outbound requests to Bing. Reducing the amount of data Copilot indexes can also limit the damage from future leaks.
Remediation guidance should be obtained from Microsoft or relevant cybersecurity authorities. It is crucial to stay updated with official security advisories and implement recommended security measures.
Continue Your Tech Journey
Stay informed on the revolutionary breakthroughs in Quantum Computing research.
Discover archived knowledge and digital history on the Internet Archive.
ThreatIntel-V1
