Thanks to the so-called “reprompt” attack method, cybercriminals could break into Microsoft Copilot user sessions. The attackers were able to steal data and execute malicious commands, even after the victim closed the Copilot window. Microsoft has since fixed this vulnerability.
Cybercriminals could have exploited so-called “reprompt” attacks to siphon sensitive data via Microsoft Copilot sessions. A simple click on a trapped link was enough to open access to the victim’s device, explains cybersecurity publisher Varonis in a blog post.
The manipulated link redirected to Copilot, which then executed a command via the “q” parameter in the URL, without interacting with the chat. According to Varonis, the so-called “double request” technique, consisting of duplicating malicious prompts, made it possible to bypass Copilot’s protection mechanisms, while the “chain request” technique allowed additional instructions to be sent to Copilot from the attacker’s server.
These attacks would have been both stealthy and easily industrializable. Microsoft’s AI assistant gradually leaked information, allowing attackers to generate new malicious instructions with each response. Since the commands came, after the first prompt, directly from the attacker’s server, it was impossible to determine, from the initial link, what data had been stolen. Client-side security tools were therefore unable to detect data exfiltration.
The attack scenario only exploited standard features and, apart from clicking on the link, did not require any other interaction from the user, Varonis said. Even after the victim closed the Copilot chat, the attackers retained access to the AI assistant.
Microsoft has released a security update to fix this flaw, Varonis says. The vulnerability exclusively concerned Copilot Personal. Business customers using Microsoft 365 Copilot were not affected.
IT news in Switzerland and internationally, with a focus on French-speaking Switzerland, directly in your mailbox > Subscribe to the newsletter d’ICTjournalsent Monday to Friday!
