A vulnerability was recently discovered in Microsoft Copilot for Work, allowing potential data exfiltration of images from SharePoint via HTML injection. By tricking Copilot into rendering image tags, authenticated users could access sensitive images without direct file access. The Microsoft Security Response Center (MSRC) has since acknowledged the issue but categorized it as low severity.

Affected: Microsoft Copilot for Work, SharePoint

Key points:
- A vulnerability in Microsoft Copilot for Work allows data exfiltration of images from SharePoint using HTML injection.
- The attack utilizes the Crescendo multi-turn jailbreak technique to render external image data.
- By manipulating user interactions, attackers can make Copilot generate image tags to pull images from SharePoint.
- The exploit demonstrated the ability to access different folders within SharePoint, including “Documents” and “Attachments.”
- Microsoft categorized the vulnerability as low severity and stated no immediate fixes were required, although a subsequent update rendered the exploit ineffective.
- The incident was reported and tracked through various stages by the MSRC, leading to a formal disclosure write-up.
- Communication with MSRC was highlighted as a positive part of the vulnerability disclosure experience.
- Helpful resources for bug hunting were shared as part of the learning process.
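
The following added example (not from the original write-up or from Microsoft) shows one way a chat front end can keep model-emitted image tags from being rendered: it escapes the whole reply and records any `<img>` sources for detection. The function names, the string-based rendering path and the contoso sample URL are assumptions constructed for illustration.

```javascript
// Added example, not code from the original write-up or from Microsoft.
// Assumption: the chat front end receives each assistant reply as a string.

const IMG_TAG = /<\s*img\b[^>]*>/gi;
const SRC_ATTR = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every HTML metacharacter so the browser shows markup as text.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Best-effort detection: list the src of each <img> tag in the reply.
// Handles double-quoted, single-quoted and unquoted attribute values.
function findImageSources(reply) {
  const sources = [];
  for (const [tag] of reply.matchAll(IMG_TAG)) {
    const m = SRC_ATTR.exec(tag);
    sources.push(m ? (m[1] ?? m[2] ?? m[3]) : "");
  }
  return sources;
}

// Protection does not depend on the detection regex: the whole reply is
// escaped, so no tag the model emits can trigger an image fetch.
function renderAssistantReply(reply) {
  const imageSources = findImageSources(reply);
  return {
    html: escapeHtml(reply),
    imageSources,
    alert: imageSources.length > 0, // feed this into logging or alerting
  };
}

// Constructed sample reply (hypothetical tenant and path).
const sample =
  "Here is the badge: <IMG SRC='https://contoso.sharepoint.com/sites/hr/Documents/badge.png'>";
const result = renderAssistantReply(sample);
console.log(result);
```

The `alert` flag is meant for the detection side: an assistant reply that contains image markup is worth logging even though the escaped output can no longer load anything.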