It was inevitable: a critical vulnerability has been found in Microsoft 365 Copilot. And more will follow.
A report from security company Aim Security describes what it calls the first zero-click vulnerability in an AI agent, found in Microsoft 365 Copilot.
How Does EchoLeak Work?
Through the vulnerability, named EchoLeak, attackers could reach sensitive documents via Copilot by manipulating the underlying language model, an indirect prompt injection. The attacker sends the victim an email containing hidden instructions worded to slip past Microsoft's prompt-injection classifiers. When the victim later asks Copilot a question for which that email is retrieved as context, the injected instructions make Copilot compose markdown containing an image or link whose URL carries the data it has gathered. When the chat client renders that markdown, the data travels to an attacker-controlled server, bypassing the link-redaction and content-security controls that were meant to stop exactly this.
In this way the attacker could quietly pull out whatever Copilot is allowed to read, such as internal memos, strategy documents or personal information stored in SharePoint and Teams. Because it is a zero-click vulnerability, the victim did not need to take any action, such as opening a link or attachment; using Copilot as usual was enough.
Microsoft has since acknowledged the vulnerability and, according to SiliconANGLE, reports that it has not been actively exploited. Experts expect such vulnerabilities to appear more often. “With such a growing attack surface, it was only a matter of time,” one security expert said, adding that the discovery “has serious implications for NATO, government, defense, and anyone professionally deploying AI agents.”