Microsoft 365 Copilot Exposed to Zero-Click EchoLeak Vulnerability

Microsoft 365 Copilot, the AI chatbot designed for enterprise use across Office applications, has been found to have a serious security vulnerability. According to a cybersecurity firm, this zero-click vulnerability could allow attackers to exploit the chatbot through a simple text email, potentially gaining access to sensitive information stored on users’ devices. Fortunately, Microsoft has addressed the issue, assuring that no users were impacted by this flaw.
Understanding the Zero-Click Vulnerability
The cybersecurity firm Aim Security recently published a blog post detailing the zero-click vulnerability discovered in Microsoft 365 Copilot. A zero-click attack is particularly concerning because it does not require the victim to take any action, such as downloading a file or clicking on a link. Simply opening an email could trigger the hacking attempt, making it a significant threat to users.
The research highlights the inherent risks associated with AI chatbots, especially those with agentic capabilities. Agentic capability refers to an AI’s ability to perform actions autonomously, such as accessing tools to retrieve data. For instance, Copilot can connect to OneDrive to fetch files in response to user queries, which exemplifies its agentic nature. This capability, while useful, also opens up avenues for exploitation.
Mechanics of the Attack
Researchers explained that the attack was executed using a method known as cross-prompt injection attack (XPIA) classifiers. This technique involves manipulating inputs across various prompts, sessions, or messages to control the behavior of the AI system. Attackers can embed malicious instructions through various means, including attached files, hidden text, or images.
The researchers demonstrated that the XPIA bypass could be initiated through email or images, where malicious instructions could be embedded in the alt text. Additionally, they noted that the attack could also be executed via Microsoft Teams by sending a GET request to a malicious URL. While the first two methods still require some user interaction, the latter allows the attack to commence without any action from the user, increasing its potential impact.
Microsoft’s Response and Resolution
In response to the findings, a Microsoft spokesperson acknowledged the vulnerability and expressed gratitude to Aim Security for identifying and reporting the issue. The company has since implemented a fix to address the vulnerability, ensuring that users are no longer at risk. The spokesperson confirmed to Fortune that no users were affected by the flaw, emphasizing Microsoft’s commitment to maintaining the security of its products.
This incident serves as a reminder of the ongoing challenges in cybersecurity, particularly as AI technologies continue to evolve. As organizations increasingly rely on AI tools like Microsoft 365 Copilot, it is crucial to remain vigilant against potential vulnerabilities that could compromise sensitive information.
Observer Voice is the one stop site for National, International news, Sports, Editorโs Choice, Art/culture contents, Quotes and much more. We also cover historical contents. Historical contents includes World History, Indian History, and what happened today. The website also covers Entertainment across the India and World.