Microsoft patched a critical flaw in its M365 Copilot AI platform that let attackers extract 2-factor codes by embedding malicious URLs in emails.
A critical vulnerability was recently discovered in Microsoft's M365 Copilot AI platform, allowing hackers to steal 2-factor authentication (2FA) codes from users. This flaw enabled attackers to embed malicious URLs in emails, which could then extract the 2FA codes, potentially leading to unauthorized access to sensitive information.
Vulnerability Overview
The vulnerability in question was found to be related to the way Copilot handled certain types of URLs. By embedding malicious URLs in emails, attackers could trick users into revealing their 2FA codes, which are typically sent via SMS or email as an added layer of security.
Attack Vector
The attack vector involved sending phishing emails with malicious URLs that, when clicked, could extract the 2FA code from the user's device. This could be done without the user's knowledge or consent, making it a particularly insidious type of attack.
Mitigation and Patch
Microsoft has since patched the vulnerability, and users are advised to ensure their M365 Copilot AI platform is up to date. This should prevent any further exploitation of the flaw.
For more information on the vulnerability and the patch, users can read the report from a reputable source.
- Ensure all software is up to date
- Use strong, unique passwords
- Enable 2-factor authentication whenever possible
- Be cautious when clicking on links in emails
It is essential for users to remain vigilant and take steps to protect themselves from similar attacks in the future. By following best practices and staying informed, users can reduce the risk of falling victim to phishing and other types of cyber attacks.