Researchers at Varonis Threat Labs disclosed a chained vulnerability in Microsoft 365 Copilot Enterprise Search that allowed attackers to steal emails, calendar data, files, and multi-factor authentication codes through a single malicious link.

The flaw, dubbed SearchLeak, combined three separate bugs into a one-click exfiltration attack. Because the attack vector used legitimate microsoft.com domains, conventional URL filtering and anti-phishing tools failed to block the malicious requests. Attackers could craft a deceptive link that, when clicked by a targeted user, would pull sensitive data directly from Microsoft 365 Copilot's search index without triggering security warnings.

The attack chain exploited weaknesses in how Microsoft 365 Copilot handles authentication and data access permissions. Once a user clicked the link, the malicious request executed with the victim's privileges, giving attackers access to everything that user could search within the targeted organization's tenant. This included private emails, calendar entries, document metadata, and potentially MFA codes cached in or reachable through the search system.

The severity stems from the convergence of three factors. First, users trust links pointing to microsoft.com domains and are unlikely to scrutinize them carefully. Second, Copilot's broad indexing of enterprise data means a successful compromise exposes far more than a single email or file. Third, the attack required minimal user interaction: no malware installation, credential harvesting, or social engineering was necessary beyond the initial click.

Varonis researchers reported the vulnerability through Microsoft's responsible disclosure process. Microsoft addressed the issue, though specific patch details and CVE assignment information remain limited in early reporting. Organizations running Microsoft 365 with Copilot Enterprise Search should verify that their deployments include the latest security updates.

The SearchLeak disclosure highlights broader risks in AI-powered search tools integrated into enterprise platforms. As