Security News > 2024 > August > Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

2024-08-27 06:09
Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. "ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface," security researcher Johann Rehberger said. "This means that an attacker
News URL
https://thehackernews.com/2024/08/microsoft-fixes-ascii-smuggling-flaw.html
Related news
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- Microsoft: Licensing issue blocks Microsoft 365 Family for some users (source)
- Microsoft total recalls Recall totally to Copilot+ PCs (source)
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Attackers phish OAuth codes, take over Microsoft 365 accounts (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)
- Product Walkthrough: Securing Microsoft Copilot with Reco (source)
- New Microsoft 365 outage impacts Teams and other services (source)