Critical Vulnerability in Microsoft Copilot Studio That Exposed Sensitive Data Now Patched
Cybersecurity researchers have disclosed a significant flaw in Microsoft's Copilot Studio that could be exploited to access sensitive information.
Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure flaw stemming from a server-side request forgery (SSRF) attack.
“A verified attacker can circumvent Server-Side Request Forgery (SSRF) protections in Microsoft Copilot Studio, leaking delicate information over a network,” Microsoft stated in an advisory issued on August 6, 2024.
The company said the flaw has been fixed and requires no action from customers.
Tenable security researcher Evan Grant, who discovered and reported the flaw, said it takes advantage of Copilot's ability to make external web requests.
“By employing an efficient SSRF protection bypass, we exploited this issue to gain entry to Microsoft’s internal infrastructure for Copilot Studio, encompassing the Instance Metadata Service (IMDS) and internal Cosmos DB instances,” Grant explained.
In other words, the attack technique made it possible to retrieve instance metadata in a Copilot chat message, use it to obtain managed identity access tokens, and then abuse those tokens to reach other internal resources, including gaining read/write access to a Cosmos DB instance.
The cybersecurity firm also noted that while the technique does not allow access to cross-tenant information, the infrastructure behind the Copilot Studio service is shared among tenants, so elevated access to Microsoft's internal infrastructure could potentially affect multiple customers.
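The root cause described above is an agent feature that fetches attacker-chosen URLs without an effective egress filter. As an added illustration of the defensive side (example code written for this article, not Microsoft's or Tenable's), the Python check below is the kind of filter a "fetch this URL" tool needs: it resolves the host and refuses anything that maps to the instance metadata range or other internal address space, and it is meant to be re-applied on every redirect hop. Function and constant names are my own; the `resolver` parameter exists so the check can be tested without live DNS.

```python
import ipaddress
import socket
from typing import Callable
from urllib.parse import urlsplit

# Ranges an outbound "fetch this URL" feature should never be allowed to reach.
# 169.254.0.0/16 contains the cloud instance metadata endpoint (169.254.169.254);
# the rest cover loopback, RFC 1918 / CGNAT space and their IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]
ALLOWED_SCHEMES = {"http", "https"}

def default_resolver(host: str) -> list[str]:
    """Resolve a host to every address it maps to (A and AAAA). On most platforms
    getaddrinfo also normalises odd literals such as decimal IPv4 (2852039166)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_blocked_address(addr: str) -> bool:
    """True if addr falls inside any blocked range (after unwrapping ::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)

def check_outbound_url(url: str, resolver: Callable[[str], list[str]] = default_resolver
                       ) -> tuple[bool, str]:
    """Return (allowed, reason). Call this on the initial URL and again on every
    redirect hop: a permitted public host can 302 to the metadata address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [str(ipaddress.ip_address(host))]   # IP literal, no DNS needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"DNS failure for {host}: {exc}"
    # Reject if *any* resolved address is blocked (covers multi-record rebinding tricks).
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"{host} maps to blocked address {addr}"
    return True, "ok"
```

The check must be applied to the address the HTTP client actually connects to, so redirects have to be followed manually with the filter run on each hop rather than left to the client library.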
The disclosure coincides with Tenable's report of two previously fixed security vulnerabilities in Microsoft's Azure Health Bot Service (CVE-2024-38109, CVSS score: 9.1), which, if exploited, could enable a malicious actor to move laterally within customer environments and access sensitive patient data.

The disclosure also follows Microsoft's announcement that it will require multi-factor authentication (MFA) for all Microsoft Azure customers starting in October 2024 as part of its Secure Future Initiative (SFI).
“MFA will be obligatory for signing in to Azure portal, Microsoft Entra admin center, and Intune admin center. The enforcement will gradually extend to all tenants globally,” Redmond said.
“Starting in early 2025, phased enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will begin.”