Summarize

Simplifying... Inshort

A critical flaw in Microsoft's Copilot Studio, a tool for creating AI assistants, could have exposed sensitive cloud data.
The vulnerability, now fixed by Microsoft, allowed an attacker to bypass security measures and potentially access cloud data from multiple users.
Despite the swift action, concerns have been raised about the tool's excessive permissions, highlighting the need for robust security in AI applications.

Was a long read? Making it simpler...

Next Article

Microsoft acknowledges vulnerability as CVE-2024-38206

Critical flaw in Microsoft Copilot Studio exposes sensitive cloud data

By Mudit Dube

Aug 22, 2024

03:00 pm

What's the story

A significant security flaw has been identified in Microsoft's Copilot Studio tool, which could potentially expose sensitive information within a cloud environment. The server-side request forgery (SSRF) vulnerability was discovered by researchers at cybersecurity firm Tenable. They were able to exploit this weakness to access Microsoft's internal infrastructure, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances.

Flaw details

Microsoft acknowledges vulnerability as CVE-2024-38206

The vulnerability, now recognized by Microsoft as CVE-2024-38206, enables an authenticated attacker to circumvent SSRF protection in Copilot Studio and leak sensitive cloud-based information over a network. This flaw is triggered when an HTTP request made using the tool is combined with an SSRF protection bypass. Tenable researcher Evan Grant clarified that "an SSRF vulnerability occurs when an attacker is able to influence the application into making server-side HTTP requests to unexpected targets or in an unexpected way."

Experiment

Exploit tested on cloud data and services

The researchers used their exploit to generate HTTP requests for accessing cloud data and services from multiple tenants. While they did not find any cross-tenant information immediately accessible, they noted that the infrastructure for this Copilot Studio service was shared among tenants. Grant stated that any impact on this shared infrastructure could potentially affect multiple customers, thereby magnifying the risk.

Swift action

Microsoft mitigates vulnerability in Copilot Studio tool

Upon being alerted about the flaw by Tenable, Microsoft acted swiftly to address the issue. The company has now fully mitigated this vulnerability, with no further action required from Copilot Studio users. This information was confirmed in a security advisory issued by the tech giant.

Tool overview

Copilot Studio: A tool for creating AI assistants

Launched last year, Copilot Studio is a user-friendly tool designed to create custom AI assistants or chatbots. These applications allow users to perform various large language model (LLM) and generative AI tasks using data from the Microsoft 365 environment or any other data that the Power Platform on which the tool is built. However, security researcher Michael Bargury recently criticized it as being "way overpermissioned" at this year's Black Hat conference in Las Vegas.