News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

August 29, 2024 at 08:16AM Microsoft Copilot is gaining popularity as an artificial intelligence productivity assistant for large enterprises. However, Zenity’s CTO Michael Bargury warns about cybersecurity risks due to Copilot’s deep access into enterprise systems, making it vulnerable to malicious attacks. Bargury demonstrated how a single email can take over Copilot, despite acknowledging its …

From Copilot to Copirate: How data thieves could hijack Microsoft’s chatbot

August 28, 2024 at 09:08AM Microsoft fixed flaws in Copilot that allowed attackers to steal users’ emails and personal data through a series of LLM-specific attacks, including prompt injection. Red teamer Johann Rehberger disclosed the exploit, prompting Microsoft to make changes for customer protection. The exploit used prompt injection, automatic tool invocation, and ASCII smuggling …

Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data

August 21, 2024 at 11:20AM Tenable researchers discovered a server-side request forgery (SSRF) vulnerability in Microsoft’s Copilot Studio tool, allowing attackers to access sensitive cloud-based information. This flaw, tracked as CVE-2024-38206, could impact multiple tenants by bypassing SSRF protection. However, Microsoft has fully mitigated the vulnerability, ensuring no action is required from Copilot Studio users. …

Microsoft Copilot Studio Vulnerability Led to Information Disclosure

August 21, 2024 at 08:54AM A vulnerability in Microsoft Copilot Studio, tracked as CVE-2024-38206, allowed access to sensitive internal infrastructure. Despite being fully mitigated, an attacker could bypass server-side request forgery protection to leak information. The exploitation also led to access to Cosmos DB instances. This flaw may have had cross-tenant impacts, prompting concern over …

How to Weaponize Microsoft Copilot for Cyberattackers

August 8, 2024 at 02:56PM Enterprises are rapidly adopting Microsoft’s Copilot AI-based chatbots to enhance employee productivity, but security researcher Michael Bargury demonstrated at Black Hat USA how attackers could exploit Copilot for data theft and social engineering. He also released an offensive toolset for Copilot and emphasized the need for better detection of “promptware” …

Windows 10 KB5040427 update released with Copilot changes, 12 other fixes

July 9, 2024 at 02:14PM Microsoft released the KB5040427 cumulative update for Windows 10 21H2 and 22H2, containing 13 changes and mandatory security updates. Users can manually install through Windows Update or schedule the installation. Notably, it includes Microsoft Copilot behaving like an app, addressing various issues, and introducing new improvements, while also resolving some …

Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge

April 18, 2024 at 08:13AM Microsoft revealed that the Copilot app, added to Windows installs by recent Edge updates, doesn’t collect or relay data, but was mistakenly included. Though tested in Windows Server 2025, it faced backlash and was removed. However, it unexpectedly appeared in Windows Server 2022 and impacted Windows 10 and 11. Microsoft …

Windows 11 KB5036893 released with 29 changes, Moment 5 features

April 9, 2024 at 02:00PM Microsoft has released the KB5036893 cumulative update for Windows 11 23H3, featuring 29 changes and enabling Moment 5 features for all users. It’s mandatory for April 2024 security updates fixing sixty vulnerabilities. The update can be installed via Windows Update or Microsoft Update Catalog and includes multiple enhancements and fixes. …

6 Prompts You Don’t Want Employees Putting in Microsoft Copilot

April 3, 2024 at 10:23AM Microsoft Copilot is hailed as a valuable productivity tool, integrated with Microsoft 365 apps. However, its use poses data security risks if organizational permissions are not appropriately configured. Varonis points out potential exploits and offers solutions to prevent unauthorized data access. They advocate for securing data before enabling Copilot and …

Windows 11 ‘Moment 5’ update released, here are the new features

February 29, 2024 at 01:30PM Microsoft has released the Windows 11 ‘Moment 5’ update for versions 23H2 and 22H2, introducing new features like Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements. Windows users can opt to receive the update now or wait for it to roll out …