Microsoft — Data Breach

majorAnti-PrivacyJun 7, 2024 → Aug 6, 2024Data Breach

Executive Summary

Security researchers at Tenable disclosed a critical SSRF vulnerability (CVE-2024-38206) in Microsoft Copilot Studio that allowed authenticated attackers to leak sensitive information from Microsoft's internal cloud infrastructure, including access to Azure services and Cosmos DB instances. The vulnerability had a CVSS score of 8.5. Microsoft patched the flaw and stated no customer action was required.

Post LinkedIn Reddit Email

ai-training data-breach

Sources

Tenable: Critical SSRF vulnerability in Microsoft Copilot Studio
The Hacker News: Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data