In a recent revelation, cybersecurity specialists uncovered a significant security lapse within Microsoft’s Copilot Studio, a flaw that could be exploited to gain unauthorized access to sensitive information.
This vulnerability, cataloged as CVE-2024-38206 with a CVSS rating of 8.5, is characterized as an information disclosure issue rooted in a server-side request forgery (SSRF) assault.
“An authenticated adversary could circumvent SSRF safeguards in Microsoft Copilot Studio, enabling the exfiltration of sensitive data across a network,” Microsoft conveyed in an advisory issued on August 6, 2024.
The technology colossus also emphasized that the flaw has been mitigated, requiring no further intervention from customers.
The discovery and reporting of this flaw are credited to Evan Grant, a security researcher at Tenable, who highlighted that the vulnerability leverages Copilot’s capability to initiate external web requests.
“By integrating a sophisticated SSRF protection bypass, we exploited this weakness to penetrate Microsoft’s internal infrastructure for Copilot Studio, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances,” Grant elucidated.
In other words, the exploitation method allowed attackers to retrieve instance metadata through a Copilot chat interaction, subsequently using it to acquire managed identity access tokens. These tokens could then be misused to access additional internal resources, such as gaining read/write privileges to a Cosmos DB instance.
Tenable further remarked that, while this technique does not facilitate access to cross-tenant data, the shared infrastructure underpinning the Copilot Studio service among tenants could potentially expose multiple customers to risk by elevating access to Microsoft’s internal systems.
This disclosure coincides with Tenable’s recent report on two newly patched security flaws in Microsoft’s Azure Health Bot Service (CVE-2024-38109, CVSS score: 9.1), which, if exploited, could enable a malicious entity to achieve lateral movement within customer environments and compromise sensitive patient information.
Additionally, this follows Microsoft’s announcement mandating multi-factor authentication (MFA) for all Azure customers beginning in October 2024, as part of its Secure Future Initiative (SFI).
“MFA will become compulsory for signing into Azure portal, Microsoft Entra admin center, and Intune admin center. This enforcement will be gradually implemented across all tenants globally,” stated Redmond.
“Starting in early 2025, incremental enforcement of MFA during sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will be initiated.”