MS Fixes Critical Copilot Studio Vulnerability Revealing Data




Aug 21, 2024

Ravie Lakshmanan

Software Security / Vulnerability

Researchers have disclosed a critical security flaw in Microsoft’s Copilot Studio that could be exploited to access sensitive information.

Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability is an information disclosure flaw that stems from a server-side request forgery (SSRF) weakness.

“An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network,” Microsoft revealed in an advisory released on August 6, 2024.

The issue has already been fixed by Microsoft and requires no action from customers.

Security researcher Evan Grant, who discovered the vulnerability, noted that the exploit takes advantage of Copilot’s ability to make external web requests.

“Utilizing a clever SSRF protection bypass, we managed to gain unauthorized access to Microsoft’s internal infrastructure for Copilot Studio, including sensitive services like the Instance Metadata Service (IMDS) and internal Cosmos DB instances,” Grant explained.

This allowed instance metadata to be retrieved inside a Copilot chat message, which in turn yielded managed identity access tokens that could be used to reach other internal resources, including write access to a Cosmos DB instance.

The researchers cautioned that, although the flaw did not grant access to cross-tenant data, the infrastructure behind Copilot Studio is shared between tenants, so using it to reach Microsoft’s internal systems could have affected multiple customers.
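The chain described above (an outbound-request feature that reaches the link-local metadata service and returns a managed identity token) is what SSRF egress validation exists to stop. The following is an added example, not code from the article or from Microsoft, showing why a string-match guard is not enough and what a fail-closed validator looks like: it resolves the host and rejects any address that is not globally routable. The function names and sample URLs are assumptions.

```python
# Added example (not from the article or Microsoft): a fail-closed SSRF target
# validator of the kind that must sit between a bot's outbound HTTP action and
# the network. Every resolved address is checked, so a hostname or alternative
# notation that ends up at the metadata service is refused.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def naive_is_safe(url: str) -> bool:
    """Typical string-match guard, shown for contrast: it checks text, not
    where the request actually goes."""
    return "169.254.169.254" not in url


def resolve_all(host: str, port: int) -> list:
    """Resolve host to every address it maps to; numeric hosts resolve offline.
    Unresolvable names return an empty list so the caller fails closed."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return []
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_safe_target(url: str) -> bool:
    """Allow only http(s) URLs whose every resolved address is public."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False  # user@host forms invite parser confusion; refuse them
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False
    addrs = resolve_all(parts.hostname, port)
    if not addrs:
        return False
    for addr in addrs:
        # is_global is False for link-local (the IMDS range), loopback,
        # RFC 1918 and other reserved space; mapped IPv6 is checked via its
        # embedded IPv4 address as well.
        if not addr.is_global:
            return False
        if addr.version == 6 and addr.ipv4_mapped is not None:
            if not addr.ipv4_mapped.is_global:
                return False
    return True
```

The same check has to run again on every redirect hop, since a validated public URL can redirect to a link-local one.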

Separately, Tenable disclosed two security flaws in Microsoft’s Azure Health Bot Service (CVE-2024-38109, CVSS score: 9.1), since resolved, that could have enabled lateral movement within customer environments and exposed confidential patient data.

This development coincides with Microsoft’s recent announcement requiring Azure customers to implement multi-factor authentication (MFA) on their accounts by October 2024 as part of the Secure Future Initiative (SFI).

“MFA will become mandatory for accessing the Azure portal, Microsoft Entra admin center, and Intune admin center. The gradual rollout will extend to all tenants globally,” Redmond confirmed.

“Starting early 2025, MFA enforcement will expand to sign-ins for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools.”
