Critical SharePoint Flaw Exposed: How Hackers Could Steal Credentials Across Microsoft’s Power Platform


Critical SharePoint Vulnerability in Microsoft Power Platform Patched

A significant security vulnerability has been discovered and patched in Microsoft SharePoint’s Power Platform connector. The flaw, rated as “Important” by Microsoft, could enable attackers to capture user credentials and execute unauthorized actions within the system.

Key Points:
– The vulnerability affects multiple services including Power Automate, Power Apps, Copilot Studio, and Copilot 365
– Microsoft patched the issue on December 13, following its discovery in September 2024
– The flaw is classified as a server-side request forgery (SSRF) vulnerability

Attack Requirements:
– Attackers need Environment Maker and Basic User roles in Power Platform
– Initial access to the target organization is a prerequisite
– Exploitation involves manipulating custom URL values within the SharePoint connector

Potential Impact:
– Unauthorized access to sensitive SharePoint data
– Ability to send API requests impersonating legitimate users
– Possible token harvesting through Canvas apps or Copilot agents
– Extended attack surface through Teams channel integration

The vulnerability highlights significant security concerns within Power Platform’s interconnected services, particularly regarding SharePoint connector usage and access right management across various environments. Organizations using these services should ensure they’ve applied the latest security patches to prevent potential exploitation.
