
Microsoft 365 Copilot Security Update: Confidential Emails Briefly Exposed

A security vulnerability in Microsoft 365 Copilot has allowed the AI assistant to access and summarize corporate emails marked as "confidential."

Key Details of the Incident:

  • The Issue: The chatbot mistakenly processed sensitive Outlook data via the "Work" tab, which is designed to answer queries using internal company information.
  • Tracking ID: The internal incident is tracked as CW1226324.
  • The Impact: Users could potentially prompt the assistant to summarize or extract information from emails that should have been restricted due to their confidentiality labels.

Current Status and Fix:

Microsoft has officially acknowledged the flaw and has already begun a gradual rollout of a security patch. While the fix is currently being deployed to users worldwide, the company has not provided a specific deadline for when the update will reach all global tenants.

Security administrators are advised to monitor Microsoft 365 health dashboards for updates regarding this fix.
