Share

    • Vulnerability in Microsoft 365 Copilot Dubbed 'SearchLeak' Patched

    By Any June 16, 2026
    Microsoft has patched a critical vulnerability chain named 'SearchLeak' in its M365 Copilot platform. Discovered by security firm Varonis, the exploit could have allowed attackers to exfiltrate sensitive user data, including emails and 2FA codes, with a single click on a crafted URL.
    Vulnerability in Microsoft 365 Copilot Dubbed 'SearchLeak' Patched

    Vulnerability in Microsoft 365 Copilot Dubbed ‘SearchLeak’ Patched A newly disclosed security flaw in Microsoft 365 Copilot shows how a single click on a trusted Microsoft link could have quietly siphoned sensitive data from corporate users before the company rushed to fix it.

    Early discovery and Microsoft’s response

    Varonis Threat Labs first uncovered a chain of three bugs in Microsoft 365 Copilot Enterprise Search, later named “SearchLeak,” that allowed data theft with just one click on a crafted microsoft.com URL. Microsoft assigned the issue CVE-2026-42824 on June 4, rating it critical in its own system, and patched the vulnerability on the Copilot backend last Tuesday, requiring no customer action because Copilot Enterprise is a managed service.

    By Monday, Varonis researchers publicly detailed how the proof-of-concept exploit worked, showing that the same chain could retrieve two-factor authentication (2FA) codes and other sensitive data from emails accessible to Copilot.

    How the SearchLeak exploit worked

    Varonis described the attack as a “Parameter-to-Prompt Injection” that abuses the q parameter in the Copilot Enterprise Search URL, which is intended for natural-language queries. An attacker could craft a URL instructing Copilot to search the victim’s mailbox, extract information such as email subject lines or 2FA codes, and embed them inside an image URL, all executed automatically when the victim clicked once on the link.

    A race condition in how Copilot’s response is rendered allowed injected <img> tags to fire outbound requests before Microsoft’s guardrails wrapped the output in code blocks to neutralize markup. The final step leveraged Bing’s “Search by Image” endpoint, exploiting server-side request forgery against an allowlisted *.bing.com domain to exfiltrate the embedded data to an attacker-controlled server.

    Broader implications for AI security

    Security researchers and commentators argue that SearchLeak underscores a deeper, recurring problem in large language model (LLM) security: AI systems struggle to distinguish between legitimate user instructions and malicious instructions hidden in third-party content. This “incurable gullibility,” they contend, forces vendors like Microsoft to rely on complex guardrails that attackers continue to bypass, as demonstrated by the ability of SearchLeak to “catapult over” restrictions on web requests and data exfiltration.

    Continue reading https://foxvector.com/stories/019ed215-789f-0d34-71dd-2b502a31a3f9

    Write a comment