Tenable, an exposure management company, has disclosed a critical vulnerability in Microsoft Copilot Studio. The flaw, found by Tenable's research team, is a server-side request forgery (SSRF) that could expose sensitive internal information, with cross-tenant implications because the affected infrastructure is shared between customers.
The vulnerability stems from improper handling of HTTP redirect status codes within user-configurable actions in Copilot Studio: the destination of an outbound request was checked, but the location a redirect response pointed to was not. The disclosure follows Tenable's recent findings in other Microsoft services, including Azure Health Bot and Azure API Management.
An SSRF vulnerability lets an attacker make a server issue HTTP requests to destinations of the attacker's choosing, including internal addresses the attacker cannot reach directly, and read back the responses. Exploiting this flaw could have given attackers access to the internal infrastructure behind Copilot Studio, including Azure's Instance Metadata Service (IMDS) and shared back-end resources such as Cosmos DB.
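The redirect bypass described above, as an added illustration that is not code from Copilot Studio, Tenable or the article: a URL-fetching action validates the user-supplied URL against internal and link-local ranges, but then follows a 302 from an attacker-controlled host to the IMDS address without re-checking. The hardened version treats every redirect target as fresh attacker input. The in-memory `FAKE_NET` table, the hostnames and the token value are all constructed for the example so it runs offline.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed stand-in for the outbound HTTP client: URL -> (status, headers, body).
# The attacker hosts a redirector that points at the Azure IMDS managed-identity endpoint.
FAKE_NET = {
    "https://attacker.example/redirect": (
        302,
        {"Location": "http://169.254.169.254/metadata/identity/oauth2/token"},
        b"",
    ),
    "http://169.254.169.254/metadata/identity/oauth2/token": (
        200,
        {},
        b'{"access_token":"<managed-identity-token>"}',  # constructed, not a real token
    ),
    "https://api.example.com/data": (200, {}, b'{"ok":true}'),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


class BlockedDestination(Exception):
    """Raised when a request would reach a non-public address."""


def assert_public_destination(url: str) -> None:
    """Reject schemes other than http(s) and any literal IP that is not globally routable.

    Note: a hostname is allowed through here for the offline example. In production the
    name must be resolved and every returned address checked, and the connection must be
    pinned to the checked address so a DNS rebind cannot swap in 169.254.169.254 later.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedDestination(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return  # hostname, see docstring
    if not ip.is_global:  # covers private, loopback, link-local (incl. IMDS), reserved, unspecified
        raise BlockedDestination(f"non-public address: {host}")


def fetch_vulnerable(url: str, max_hops: int = 5) -> bytes:
    """Checks only the URL the user typed, then follows redirects blindly."""
    assert_public_destination(url)
    for _ in range(max_hops):
        status, headers, body = FAKE_NET[url]
        if status in REDIRECT_CODES:
            url = headers["Location"]  # next hop is attacker-chosen and never re-validated
            continue
        return body
    raise RuntimeError("too many redirects")


def fetch_hardened(url: str, max_hops: int = 5) -> bytes:
    """Re-validates the destination on every hop, so a redirect cannot escape the policy."""
    for _ in range(max_hops):
        assert_public_destination(url)
        status, headers, body = FAKE_NET[url]
        if status in REDIRECT_CODES:
            url = headers["Location"]
            continue
        return body
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    print(fetch_vulnerable("https://attacker.example/redirect"))  # leaks the IMDS response
    try:
        fetch_hardened("https://attacker.example/redirect")
    except BlockedDestination as exc:
        print("blocked:", exc)
```

The simplest fix in a real client is to disable automatic redirect following and loop manually, as `fetch_hardened` does, so the same policy runs before every connection. One caveat worth knowing when assessing exposure: Azure's IMDS only answers requests that carry a `Metadata: true` request header, so an SSRF primitive that also lets the attacker set headers is the one that yields tokens, as it did here.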
“In the context of cloud applications, a common target is the Instance Metadata Service (IMDS) which, depending on the cloud platform, can yield useful, potentially sensitive information for an attacker. In this case, we were able to retrieve managed identity access tokens from the IMDS. No information beyond the usage of Copilot Studio was required to exploit this flaw,” explains Jimi Sebree, senior staff research engineer, Tenable. “As in some of the previous vulnerabilities found by our research team, this vulnerability demonstrates that mistakes can be made when companies rush to be the first to release products in a new or rapidly expanding space.”
Microsoft confirmed that the issue was remediated as of July 31, 2024, with no customer action required.