Connect with us

Tech News

Microsoft Copilot Studio Vulnerability Could Expose Sensitive Data

Published

on

Latest Hacking News

Microsoft’s AI flagship, Copilot Studio, was found to have a critical SSRF vulnerability that could potentially expose sensitive internal data to adversaries. Following a bug report, Microsoft promptly patched the flaw to ensure the security of its infrastructure.

SSRF Vulnerability Found In Microsoft Copilot Studio

A recent post from Tenable revealed a serious server-side request forgery (SSRF) vulnerability in Microsoft Copilot Studio.

Researchers discovered that a unique functionality of the tool allowed users to send HTTP requests as prompts. They tested this feature against Instance Metadata Service (IMDS) and Cosmos DB instances, eventually bypassing SSRF protection and accessing sensitive information.

The vulnerability, identified as CVE-2024-38206, received a critical severity rating and a CVSS score of 8.5. Tenable provided a detailed technical analysis of the vulnerability and its exploitation process.

Microsoft Patched The Vulnerability

Upon receiving the report from Tenable, Microsoft quickly addressed the vulnerability and credited the discovery to Evan Grant. The tech giant confirmed full mitigation in its advisory, requiring no action from users to receive the fix.

Share your thoughts in the comments section below.

See also  Unpatched Vulnerabilities In Microsoft macOS Apps Pose Threat

Trending