A vulnerability has been discovered in Microsoft 365

Researchers have discovered a new way to leak data from Microsoft 365. It relies on a workflow automation feature. The issue was noticed by Eric Saraga of cybersecurity firm Varonis. The data leak passes through Power Automate for Microsoft 365, which works with Outlook, SharePoint and OneDrive.

Power Automate, a feature that is enabled by default in Microsoft 365 applications, allows users to create their own flows. To set up these behaviors, the user must first establish a connection between the two applications to allow data to flow.



Microsoft 365 vulnerability has two methods

Saraga explained that, similar to forwarding e-mails, these flows can also be used to extract files from SharePoint and OneDrive. He added that data can also be leaked from other Microsoft 365 applications, including MSGraph.


Saraga explained two ways flows can be abused. One is to establish direct communication with the victim's endpoint. The other is to trick the victim into downloading a fake Azure app.

The first method is a little more difficult to implement. It also has quite devastating effects. Saraga said of it:

“Creating streams is done programmatically using the stream API. Although there is no dedicated Power Automate API, flow endpoints are used to query existing connections and create a flow.”

Eric Saraga


The second method starts with a prompt asking the victim to download the app. Once the user agrees to run the malicious application, it has valid permissions to create a flow. However, there is no way to create a new connection using the app; the attacker can only use existing connections. Azure applications therefore limit malicious users to targeting users who have already established certain connections.
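
A defender-side review of existing flows for the forwarding and file-extraction pattern described above, as an added example that is not from the original article or from Varonis. The inventory records, field names and domains are constructed and hypothetical, not a Microsoft export format.

```python
from urllib.parse import urlparse

# Apps the article names as data sources for abused flows.
SOURCE_APPS = {"outlook", "sharepoint", "onedrive"}

# Constructed sample inventory (hypothetical record layout).
FLOWS = [
    {"name": "Archive invoices", "created_via": "portal", "trigger_app": "sharepoint",
     "actions": [{"app": "onedrive", "target": "alice@example.com"}]},
    {"name": "Email sync", "created_via": "api", "trigger_app": "outlook",
     "actions": [{"app": "outlook", "target": "drop@mail.example.net"}]},
    {"name": "File sync", "created_via": "portal", "trigger_app": "onedrive",
     "actions": [{"app": "http", "target": "https://files.example.org/upload"}]},
]

def target_domain(target):
    """Return the lower-cased domain of an e-mail address or URL, or None."""
    if "://" in target:
        return (urlparse(target).hostname or "").lower() or None
    if "@" in target:
        return target.rsplit("@", 1)[1].lower() or None
    return None

def is_internal(domain, internal_domains):
    """True if the domain is a tenant domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def review_flow(flow, internal_domains):
    """List the reasons a flow deserves manual review (empty list if none)."""
    findings = []
    if flow["trigger_app"] not in SOURCE_APPS:
        return findings
    for action in flow["actions"]:
        domain = target_domain(action["target"])
        if domain is None:
            findings.append(f"unparseable target {action['target']!r}")
        elif not is_internal(domain, internal_domains):
            findings.append(f"{flow['trigger_app']} data sent to external {domain}")
    # Programmatic creation only adds weight to a flow that is already suspicious.
    if findings and flow.get("created_via") == "api":
        findings.append("flow was created programmatically")
    return findings

def review_inventory(flows, internal_domains):
    """Map flow name -> findings for every flow with at least one finding."""
    return {f["name"]: r for f in flows if (r := review_flow(f, internal_domains))}

if __name__ == "__main__":
    for name, reasons in review_inventory(FLOWS, {"example.com"}).items():
        print(name, "->", "; ".join(reasons))
```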
