topic Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data in Threats https://community.isc2.org/t5/Threats/Microsoft-Patches-Critical-Copilot-Studio-Vulnerability-Exposing/m-p/73311#M1359 <P>Hi All</P><P>&nbsp;</P><P>Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information.</P><P>Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (<A href="https://owasp.org/www-community/attacks/Server_Side_Request_Forgery" target="_blank" rel="noopener">SSRF</A>) attack.</P><P>"An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network," Microsoft <A href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38206" target="_blank" rel="noopener">said</A> in an advisory released on August 6, 2024.</P><P>&nbsp;</P><P>The tech giant further said the vulnerability has been addressed and that it requires no customer action</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html" target="_blank" rel="noopener">https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html</A></P><P>&nbsp;</P><P><A href="https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data" target="_blank">https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data</A></P><P>&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 22 Aug 2024 02:42:40 GMT Caute_cautim 2024-08-22T02:42:40Z Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data https://community.isc2.org/t5/Threats/Microsoft-Patches-Critical-Copilot-Studio-Vulnerability-Exposing/m-p/73311#M1359 <P>Hi All</P><P>&nbsp;</P><P>Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information.</P><P>Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (<A href="https://owasp.org/www-community/attacks/Server_Side_Request_Forgery" target="_blank" rel="noopener">SSRF</A>) attack.</P><P>"An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network," Microsoft <A href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38206" target="_blank" rel="noopener">said</A> in an advisory released on August 6, 2024.</P><P>&nbsp;</P><P>The tech giant further said the vulnerability has been addressed and that it requires no customer action</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html" target="_blank" rel="noopener">https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html</A></P><P>&nbsp;</P><P><A href="https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data" target="_blank">https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data</A></P><P>&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 22 Aug 2024 02:42:40 GMT https://community.isc2.org/t5/Threats/Microsoft-Patches-Critical-Copilot-Studio-Vulnerability-Exposing/m-p/73311#M1359 Caute_cautim 2024-08-22T02:42:40Z