Researchers disclose SearchLeak flaw in Microsoft 365 Copilot Enterprise search

AI-Generated Summary

3 sources

15 hours ago

1 views

Researchers disclose SearchLeak flaw in Microsoft 365 Copilot Enterprise search

Photo: The Next Web

Key Points

Varonis Threat Labs reports a vulnerability chain in Microsoft 365 Copilot Enterprise Search called “SearchLeak.”
The attack can be triggered via a specially crafted URL that uses a legitimate microsoft.com domain, reducing effectiveness of URL-based defenses.
Researchers say the one-click flow can exfiltrate emails and calendar information from a target Microsoft 365 environment.
The chain is also described as enabling theft of indexed file content accessible through Copilot Enterprise Search.
One report states the chain could allow attackers to capture MFA codes, in addition to other data.

Security researchers from Varonis Threat Labs disclose a vulnerability chain, dubbed “SearchLeak,” affecting Microsoft 365 Copilot Enterprise Search. They describe how an attacker can exploit a crafted, single-click URL that appears to be hosted on a legitimate microsoft.com domain. Because the link uses a real Microsoft domain, the researchers say common anti-phishing and URL filtering approaches would be less effective.

In the described scenario, the one-click flow can be used to exfiltrate information from a target’s Microsoft 365 environment. The reported data includes emails and calendar details, as well as information from indexed files accessed through Copilot Enterprise Search. One report also notes the possibility of obtaining multi-factor authentication (MFA) codes as part of the chain.

Across the coverage, the key point is that the issue is not presented as a single isolated bug, but as multiple linked weaknesses that together enable data theft through a trusted link. The outlets report the researchers’ findings and naming of the attack path but do not indicate in the provided text which specific Microsoft components or mitigations were applied or when the vulnerability was fixed.

How Outlets Covered This Story

THE

The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Security researchers at Varonis Threat Labs have disclosed a vulnerability chain in Microsoft 365 Copilot Enterprise Search that could have let an attacker steal emails, calendar entries, and indexed files with a single click. The attack, which Varonis calls SearchLeak, worked through a crafted URL on a legitimate microsoft.com domain, meaning traditional anti-phishing and URL […] This story continues at The Next Web

11 hours ago

THE

The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were

14 hours ago

BLE

Bleeping Computer

New attack turned Microsoft 365 Copilot into 1-click data theft tool

A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]

16 hours ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

Researchers disclose SearchLeak flaw in Microsoft 365 Copilot Enterprise search

Trump interacts with UFC Freedom 250 fighter Josh Hokit after chain gesture amid backlash

Developers describe shifting workflows as AI coding agents, skills, and orchestration mature

UK plans to ban social media access for under-16s