In April 2025, Dutch cybersecurity firm Eye Security uncovered a significant security vulnerability within Microsoft Copilot Enterprise, allowing unauthorized code execution on the underlying system. This discovery underscores the evolving challenges in securing AI-driven platforms and highlights the critical need for robust security measures in rapidly deployed AI solutions.
Discovery and Exploitation
Eye Security's investigation revealed that Copilot Enterprise's live Python sandbox, integrated with Jupyter Notebook, permitted commands to be executed with elevated privileges. The vulnerability stemmed from theentrypoint.sh script, which, running as root, utilized the pgrep command without specifying its absolute path. This oversight allowed attackers to place a malicious script named pgrep in a writable directory within the $PATH, leading to unauthorized code execution with root privileges. (cybersecuritynews.com)Microsoft's Response
Upon disclosure on April 18, 2025, Microsoft classified the vulnerability as 'moderate' and issued a fix by July 25, 2025. Despite the potential severity, Eye Security did not receive a bug bounty, as Microsoft's program rewards only 'critical' or 'high' severity issues. (cybersecuritynews.com)Broader Implications
This incident highlights the security risks associated with integrating AI tools like Jupyter Notebooks into enterprise environments. The open nature of Jupyter, while facilitating collaboration, also introduces vulnerabilities such as unauthorized access and code execution. (arxiv.org)Future Presentations
Eye Security plans to present their findings at BlackHat USA 2025 in Las Vegas, detailing the exploitation of Entra OAuth for unauthorized access to internal Microsoft applications. (cybersecuritynews.com)Conclusion
The discovery of this vulnerability serves as a critical reminder of the importance of rigorous security practices in the development and deployment of AI solutions. Organizations must remain vigilant, ensuring that the integration of AI tools does not compromise system integrity.Source: Techzine Global Critical vulnerability discovered in Copilot Enterprise
