Microsoft fixes critical vulnerability in Copilot Studio that exposes sensitive data

August 21, 2024 | Ravie Lakshmanan | Software Security / Vulnerability

Cybersecurity researchers have discovered a critical security flaw affecting Microsoft’s Copilot Studio that could be exploited to access sensitive information.

The vulnerability, tracked as CVE-2024-38206 (CVSS score: 8.5), is described as an information disclosure bug stemming from a Server-Side Request Forgery (SSRF) flaw.

“An authenticated attacker could bypass server-side request forgery (SSRF) protection in Microsoft Copilot Studio and leak sensitive information over a network,” Microsoft said in an advisory released on August 6, 2024.


The tech giant further said that the vulnerability has been fixed and no customer action is required.

Evan Grant, the Tenable security researcher who discovered and reported the flaw, said the attack abuses Copilot's ability to make external web requests.

“In combination with a clever bypass of the SSRF protection, we leveraged this vulnerability to gain access to Microsoft’s internal infrastructure for Copilot Studio, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances,” Grant said.


In practice, the technique allowed the instance's metadata to be retrieved and returned inside a Copilot chat message. That metadata could then be used to obtain managed identity access tokens, and those tokens in turn granted access to other internal resources, including read/write access to a Cosmos DB instance.
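The class of flaw described above, as an added example that is not taken from the article, from Tenable's write-up, or from Microsoft's code: a feature that makes HTTP requests on a user's behalf from an Azure-hosted service must stop those requests from reaching the Instance Metadata Service at 169.254.169.254 (the IMDS token endpoint below is the documented Azure address). The article does not say how the Copilot Studio protection was bypassed, so the block does not reproduce that; it shows the generic weak pattern (a substring blocklist on the URL text) next to a hardened check that resolves the destination to concrete IP addresses first. The resolver is injectable so the check runs offline; the host names and the attacker-controlled DNS name in the demo are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Azure IMDS identity endpoint (documented address). It is the classic target of
# an SSRF in any "make an HTTP request" feature running on Azure compute.
IMDS_TOKEN_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
                  "?api-version=2018-02-01&resource=https://management.azure.com/")

# Ranges an outbound request from the service should never be allowed to hit.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",            # link-local; IMDS 169.254.169.254 lives here
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def naive_guard_allows(url: str) -> bool:
    """The weak pattern: a substring blocklist over the raw URL text."""
    lowered = url.lower()
    return "169.254.169.254" not in lowered and "localhost" not in lowered


def _parse_legacy_ipv4(host: str):
    """Parse IPv4 literals the way inet_aton does (1-4 parts, decimal, hex or
    octal), which is what most HTTP stacks will happily connect to."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = []
        for p in parts:
            if p[:2].lower() == "0x":
                nums.append(int(p[2:], 16))
            elif len(p) > 1 and p[0] == "0":
                nums.append(int(p, 8))
            else:
                nums.append(int(p, 10))
    except ValueError:
        return None
    if any(n < 0 for n in nums):
        return None
    *head, tail = nums
    if any(n > 0xFF for n in head) or tail >= 256 ** (4 - len(head)):
        return None
    value = tail
    for i, n in enumerate(head):          # short forms: 127.1 == 127.0.0.1
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def parse_ip_literal(host: str):
    """Return an IP address if `host` is any literal form, else None.
    IPv4-mapped IPv6 (::ffff:169.254.169.254) is unwrapped to its IPv4."""
    ip = _parse_legacy_ipv4(host)
    if ip is not None:
        return ip
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        return ip.ipv4_mapped
    return ip


def default_resolver(host: str):
    """DNS lookup returning every A/AAAA answer (stdlib getaddrinfo)."""
    return [ipaddress.ip_address(info[4][0])
            for info in socket.getaddrinfo(host, None)]


def hardened_guard_allows(url: str, resolver=default_resolver) -> bool:
    """Resolve the destination to concrete IPs and reject any in a blocked
    range. Must be re-run on every redirect hop, not just the first URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    literal = parse_ip_literal(parts.hostname)
    targets = [literal] if literal else resolver(parts.hostname)
    if not targets:
        return False
    return not any(ip in net for ip in targets for net in BLOCKED_NETWORKS)


if __name__ == "__main__":
    # Constructed URLs: each one reaches IMDS while dodging a text blocklist.
    for u in (IMDS_TOKEN_URL, "http://2852039166/metadata/instance",
              "http://0xa9fea9fe/", "http://0251.0376.0251.0376/",
              "http://[::ffff:169.254.169.254]/"):
        print(f"{u:55} naive={naive_guard_allows(u)!s:5} "
              f"hardened={hardened_guard_allows(u)}")
```

Two points the block makes that the paragraph does not: the decimal, hex, octal and IPv4-mapped spellings of 169.254.169.254 all sail through a text-based blocklist but resolve to the same blocked address, and a DNS name under the attacker's control can resolve to the IMDS address just as easily, which is why the check has to operate on resolved IPs (and, in a real client, pin the connection to the IP that was checked so a second lookup cannot be rebound). Even a correct check is only as good as its placement: if the HTTP client follows redirects on its own, the first hop is validated and the second is not.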

Tenable further noted that while the approach does not expose data across tenants, the infrastructure backing the Copilot Studio service is shared among multiple tenants, so an attacker who reaches Microsoft's internal infrastructure this way could potentially affect several customers at once.

The disclosure follows that of two now-patched vulnerabilities in Microsoft's Azure Health Bot Service (CVE-2024-38109, CVSS score: 9.1) which, if exploited, could have allowed a malicious actor to move laterally within customer environments and gain access to sensitive patient data.


This also follows an announcement from Microsoft that all Microsoft Azure customers will be required to have multi-factor authentication (MFA) enabled on their accounts by October 2024 as part of the Secure Future Initiative (SFI).

“MFA is required to log into the Azure Portal, Microsoft Entra Admin Center, and Intune Admin Center. Enforcement is being rolled out gradually to all tenants globally,” Redmond said.

“Starting in early 2025, MFA will be gradually enforced when signing in to Azure CLI, Azure PowerShell, Azure Mobile App, and Infrastructure as Code (IaC) tools.”
