Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.
How do I protect myself from this vulnerability? Customers can help protect themselves by enabling Outlook's external sender tagging feature to identify untrusted content. This enables Microsoft's provided mitigations to isolate and safely process the untrusted content before it is provided to Microsoft 365 Copilot. Administrators can enable external sender tagging through Exchange Online PowerShell. Refer to the Microsoft Learn documentation for setup instructions and requirements. Install the Exchange Online PowerShell Module Connect to Exchange Online PowerShell Set-ExternalInOutlook
<a href="https://enklypesalt.com/">Håkon Måløy</a>