Microsoft Copilot Security Vulnerability Allows File Access Without Audit Logging
By Sayrus
Summary
A security researcher discovered a critical vulnerability in Microsoft's Copilot AI: the system can access and retrieve information from files without generating audit log entries, creating invisible access that bypasses security monitoring. The researcher found they could deliberately trigger this behavior by asking Copilot to access files without logging. Microsoft has been aware of the issue for months but hasn't publicly disclosed or fixed it, which creates significant security risks for organizations relying on audit logs for compliance and security monitoring.
Key quotes
Sometimes it would access a file and return the information, but the audit log would not reflect that
I discovered that I could simply ask Copilot to behave in that manner, and it would
Microsoft has been aware of the issue for months but hasn't publicly disclosed or fixed it
This creates significant security risks for organizations relying on audit logs for compliance and security monitoring
