The Hacker News, 3 min read

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Varonis Threat Labs researchers disclosed a critical vulnerability in the Enterprise Search feature of Microsoft 365 Copilot that could let an attacker steal a victim's emails, calendar entries, and indexed files with a single click. The exploit, dubbed SearchLeak, chains three separate bugs into a one-click exfiltration path.

Because the malicious link points at a legitimate microsoft.com domain, conventional anti-phishing and URL-filtering controls that judge a link by its domain would likely let it through. The researchers stress that this abuse of the trust placed in Microsoft's own domains is what makes the attack particularly insidious. Successful exploitation would give the attacker access to sensitive data that Copilot can reach within the victim's Microsoft 365 environment.

Microsoft has been notified of the vulnerability and is expected to release a patch. Varonis published its findings in a blog post on March 11, 2024, highlighting the potential impact on organizations using Microsoft 365 Copilot, and said it will release further technical details once Microsoft's remediation is complete. The discovery underscores the ongoing security challenges of complex enterprise software and the need for continued vigilance against sophisticated attack vectors.

Original source: read the full reporting on The Hacker News.