Advisory

Microsoft patches flaw in Copilot Studio enabling leak of sensitive information

Take action: No customer action is needed on this one; the fix was applied on Microsoft's side. The takeaway is awareness that cloud services carry risks of their own, including in the shared back-end infrastructure that serves many customers.


Learn More

A vulnerability in Microsoft Copilot Studio was reported by Tenable security researcher Evan Grant and has been acknowledged by Microsoft.

Tracked as CVE-2024-38206 (CVSS score: 8.5), the information disclosure flaw stems from a server-side request forgery (SSRF) weakness that could allow an authenticated attacker to leak sensitive information across the network.

The flaw lies in Copilot Studio's capability to make external web requests on a user's behalf. By bypassing the SSRF protections on that feature, an attacker could reach Microsoft's internal infrastructure supporting Copilot Studio, including the Azure Instance Metadata Service (IMDS) and internal Cosmos DB instances.

Once IMDS is reachable, the attack allows retrieval of managed identity access tokens, which can then be used to access additional internal resources. In the researcher's testing this included read/write access to a Cosmos DB instance, although cross-tenant information was not accessible.

The SSRF protection bypass was achieved by manipulating the HTTP request headers and pointing the request at a server under the attacker's control that answered with a "301 Moved Permanently" redirect to the metadata endpoint. The redirect target was not subjected to the same checks as the original URL, which circumvented the IMDS restrictions, exposed critical metadata and led to further exploitation. While the flaw does not directly impact cross-tenant environments, the shared infrastructure supporting Copilot Studio could pose a risk to multiple customers.
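The two weaknesses described above (a guard that validates only the first URL, and caller-supplied headers such as Metadata being forwarded to the redirect target) are general to any "make an HTTP request" feature, not specific to Copilot Studio. The following is an added example, not Tenable's proof of concept or Microsoft's code: a naive fetch beside a hardened one, run against a constructed in-memory network so it executes offline. The host attacker.example, its IP address, the fake DNS table and the token value are all made up; the IMDS URL and its requirement for a "Metadata: true" header are Azure's real behaviour.

```python
"""Added example (not Tenable's or Microsoft's code): a naive SSRF guard that
validates only the first URL, beside a hardened fetch that re-validates every
redirect hop and does not forward caller headers. All network and DNS below is
a constructed in-memory stand-in so the script runs offline."""
import ipaddress
from urllib.parse import urlsplit

# Azure's real IMDS token endpoint; the token it "returns" here is constructed.
IMDS_TOKEN_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
                  "?api-version=2018-02-01&resource=https://management.azure.com/")

# Constructed network: URL -> (status, response headers, body).
# attacker.example is a hypothetical attacker-controlled host answering with a 301.
FAKE_NETWORK = {
    "https://attacker.example/redir": (301, {"Location": IMDS_TOKEN_URL}, b""),
    IMDS_TOKEN_URL: (200, {}, b'{"access_token":"constructed.msi.token"}'),
}
# Constructed DNS; the attacker address is an arbitrary public IP.
FAKE_DNS = {"attacker.example": "93.184.216.34"}

REDIRECT_CODES = (301, 302, 303, 307, 308)


def fake_http(url, headers):
    """One simulated request. Like the real Azure IMDS, the metadata endpoint
    rejects requests that do not carry the 'Metadata: true' header."""
    if urlsplit(url).hostname == "169.254.169.254" and headers.get("Metadata") != "true":
        return 400, {}, b'{"error":"Metadata header missing"}'
    return FAKE_NETWORK.get(url, (404, {}, b""))


def resolve(host):
    """Stand-in for socket.getaddrinfo(); unknown names raise ValueError."""
    return ipaddress.ip_address(FAKE_DNS.get(host, host))


def is_internal(host):
    """True for any destination an outbound-request feature must never reach:
    link-local (IMDS lives at 169.254.169.254), loopback, RFC 1918, etc."""
    if host is None:
        return True
    ip = resolve(host)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def naive_fetch(url, headers, max_redirects=5):
    """Weak guard: checks only the URL the user supplied, then follows redirects
    blindly and replays the caller's headers (including Metadata) to every hop."""
    if is_internal(urlsplit(url).hostname):
        raise PermissionError("blocked: " + url)
    for _ in range(max_redirects + 1):
        status, resp_headers, body = fake_http(url, headers)
        if status in REDIRECT_CODES and "Location" in resp_headers:
            url = resp_headers["Location"]  # new destination is never re-checked
            continue
        return status, body
    raise RuntimeError("too many redirects")


def hardened_fetch(url, headers, max_redirects=5):
    """Re-validates scheme and resolved address on every hop, strips the
    IMDS-specific header up front and drops all caller headers on redirect."""
    hop_headers = {k: v for k, v in headers.items() if k.lower() != "metadata"}
    for _ in range(max_redirects + 1):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or is_internal(parts.hostname):
            raise PermissionError("blocked: " + url)
        status, resp_headers, body = fake_http(url, hop_headers)
        if status in REDIRECT_CODES and "Location" in resp_headers:
            url = resp_headers["Location"]
            hop_headers = {}  # never forward user headers to a server-chosen target
            continue
        return status, body
    raise RuntimeError("too many redirects")


def demo():
    """Runs the attacker's request through both clients; returns what each did."""
    attacker_url = "https://attacker.example/redir"
    attacker_headers = {"Metadata": "true"}
    results = {"naive": naive_fetch(attacker_url, attacker_headers)}
    try:
        results["hardened"] = hardened_fetch(attacker_url, attacker_headers)
    except PermissionError as exc:
        results["hardened"] = str(exc)
    return results


if __name__ == "__main__":
    for client, outcome in demo().items():
        print(f"{client:9} -> {outcome}")
```

The naive client blocks a direct request to 169.254.169.254 yet hands the token over after the redirect, and it only succeeds because the caller's Metadata header travelled with the request, which is why the hardened version drops headers on redirect as well as re-checking the address. In real code the check should be made against the address the client actually connects to (resolve once, then pin that IP) so that DNS rebinding between the check and the connection cannot reopen the hole.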

The vulnerability has been patched on Microsoft's side, and Microsoft states that no customer action is necessary.

In a related update, Microsoft announced that starting in October 2024, multi-factor authentication (MFA) will be mandatory for all Microsoft Azure accounts as part of its Secure Future Initiative (SFI). This requirement will apply to sign-ins across various Azure and Microsoft management platforms, with gradual enforcement expanding into early 2025.
