Microsoft 365 Copilot Found Vulnerable to Zero-Click Attack
Microsoft 365 Copilot, an AI chatbot designed for enterprise use across Office applications, has been discovered to have a serious security vulnerability. According to cybersecurity firm Aim Security, this zero-click vulnerability could allow attackers to exploit the chatbot through a simple text email, potentially gaining access to sensitive information stored on users’ devices. Fortunately, Microsoft has addressed the issue and assured that no users were impacted by this flaw.
Understanding the Zero-Click Vulnerability
Aim Security recently published a blog post detailing the zero-click vulnerability discovered in Microsoft 365 Copilot. A zero-click attack is particularly concerning because it doesn’t require the victim to take any action, such as downloading a file or clicking on a link. Simply opening an email could trigger the hacking attempt, making it a significant threat to users. The research highlights the inherent risks associated with AI chatbots, especially those with agentic capabilities – the ability to perform actions autonomously, such as accessing tools to retrieve data.
Mechanics of the Attack
Researchers explained that the attack was executed using a method known as cross-prompt injection attack (XPIA) classifiers. This technique involves manipulating inputs across various prompts, sessions, or messages to control the AI system’s behavior. Attackers could embed malicious instructions through various means, including attached files, hidden text, or images. The researchers demonstrated that the XPIA bypass could be initiated through email or images, where malicious instructions could be embedded in the alt text. The attack could also be executed via Microsoft Teams by sending a GET request to a malicious URL, allowing it to commence without any user action.
Microsoft’s Response and Resolution
In response to the findings, a Microsoft spokesperson acknowledged the vulnerability and expressed gratitude to Aim Security for identifying and reporting the issue. The company has implemented a fix to address the vulnerability, ensuring users are no longer at risk. The spokesperson confirmed that no users were affected by the flaw, emphasizing Microsoft’s commitment to maintaining product security. This incident serves as a reminder of ongoing cybersecurity challenges, particularly as AI technologies continue to evolve. As organizations increasingly rely on AI tools like Microsoft 365 Copilot, remaining vigilant against potential vulnerabilities is crucial to protecting sensitive information.
