Dutch cybersecurity company Eye Security has discovered a security vulnerability in Microsoft Copilot Enterprise that allowed malicious actors to execute code on the underlying system. Microsoft has since fixed the vulnerability.
The problem was discovered during research into the security of Microsoft’s AI solutions in April. Eye Security demonstrated that it was possible to execute code on the underlying system using a pgrep command with elevated privileges. Although this increases the risk of unauthorized access to sensitive data and systems, Microsoft considered the leak to be a ‘medium’ risk. As a result, Eye Security did not receive a bug bounty.
Jupyter Notebook as an attack vector
The researchers encountered a problem within Copilot Enterprise’s live Python sandbox. Jupyter Notebooks appeared to allow commands to be executed with elevated privileges. Another issue also came into play: unauthorized access to Microsoft’s Responsible AI Operations panel.
AI solutions bring new challenges that organizations are still learning about, the research team notes. Microsoft is rapidly rolling out AI tooling, which may conflict with its self-imposed goal of getting its own security back in order. The latter was not in the best shape after attacks from cyber attackers in both Russia and China.
Read also: Microsoft repeats lessons it hadn’t learned from Russian hack
BlackHat presentation planned
Eye Security’s full investigation will be presented soon at BlackHat USA 2025 in Las Vegas. On Thursday, August 7, at 1:30 p.m. local time, Eye Security will share its findings in a session titled “Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications.”