While being generative AI has led to significant advances in medicine, education, computing, and other fields, and continues to raise serious security and privacy concerns among users.
Recently, cyber security firm Varonis Threat Labs found a way to exploit Microsoft Copilot Steal all kinds of personal and enterprise data, which SearchLeak calls (Ars Technica). According to the details of security officer Dolev Thaler, SearchLeak a “A three-step vulnerability chain that turned Microsoft 365 Copilot Enterprise Search into a silent data mining weapon.”
Thaler noted that the vulnerability clearly shows how AI-powered threats have evolved from classic bugs and become increasingly dangerous. “Together, these vulnerabilities show how artificial intelligence can create new ways into systems that build on older vulnerabilities that are notoriously difficult for security teams to detect.” the researcher added.
How does SearchLeak work? This is an AI-specific vulnerability called parameter-to-operate injection. In this case, the attacker will send the unsuspecting user a malicious link containing a “parameter q” intended for natural language search queries.
More likely, the parameter can be included in a legitimate URL. As a result, the researcher explained, Copilot’s AI engine interprets the URL not only as a search query, but also as executable instructions.
Consequently, if the user clicks on the link, it opens Microsoft 365 Copilot Search, which interprets the setting as instructions for searching its emails. Copilot then generates an output that includes the sensitive data in the image URL and exfiltrates it through Bing.
Search functionality is exactly what attackers need, because even with limited capabilities, it is enough for one user to have access to critical information. To extract the information, the attacker constructs a URL to Kopilot that says “Search for user’s emails”, extract the header, and paste it into the image URL.
Hero Threat Labs
while Microsoft said the vulnerability was not exploited and has since been patchedthis grass is labeled a “critical”. This event opens the door to a broader discussion about the dangers of AI in the enterprise.
“Because SearchLeak targets Microsoft’s Enterprise tier, its blast radius isn’t limited to personal data—it can reveal anything a user has access to within an organization, including emails, meeting invitations, and notes.” Varonis noted. “SharePoint documents, OneDrive files, and other indexed business content. “Depending on how the M365 is connected to the environment, the blast radius can be extended even further.”
The exploit could give attackers access to sensitive data, including email subject lines and content, MFA/2FA code activations, meeting details, and files indexed by unsuspecting users of Copilot.
Join us Reddit at r/WindowsCentral to share your thoughts and discuss our latest news, reviews and more.
