Microsoft has addressed a crucial flaw in its NLWeb AI search system, however, a CVE (Common Vulnerabilities and Exposures) number has yet to be assigned for this patch.
Microsoft Quickly Addresses NLWeb Vulnerability, But Users Must Manually Update
A critical vulnerability discovered in Microsoft's NLWeb protocol has been addressed by the tech giant, with a patch released on July 1, 2023. However, the patch does not come with a CVE identifier, which has drawn criticism for limiting awareness and public tracking of the flaw.
Researchers Aonan Guan and Lei Wang uncovered the vulnerability, which was caused by a path traversal issue due to the use of in the code. The flaw allows remote users to read sensitive files without authorization, including system configurations () and cloud credentials ( files).
Microsoft has stated that all users of the NLWeb repository, such as Shopify, Snowflake, and TripAdvisor, are automatically protected if they update their instances to versions including or after the patched commit (8ffdb0f). However, users must manually update and deploy the patched version to secure their NLWeb implementations, as the fix is not automatically applied in deployed environments.
Security experts, including Guan, have recommended additional mitigations. These include implementing a Web Application Firewall (WAF) or reverse proxy rules, avoiding binding NLWeb directly to public IP addresses to reduce exposure, and monitoring for suspicious HTTP errors linked to path traversal attempts.
Guan also emphasized the broader security implications, warning that such vulnerabilities could compromise not only servers but also "the brains" of AI agents, such as API keys, allowing attackers to create malicious AI clones or incur costs.
In summary, the patch for the NLWeb vulnerability is released and publicly available, but users need to manually update and deploy it. While Microsoft has not issued a CVE for the flaw, users experimenting with or deploying NLWeb should immediately update and follow recommended security best practices.
NLWeb is an agentic AI tool that allows users to search web pages using a generative AI chatbot. The vulnerability serves as a reminder that classic vulnerabilities can compromise not just servers, but the core functionalities of AI agents. Guan's report serves as a call to action for organizations to configure monitoring systems for high-priority alerts for suspicious HTTP errors for URIs with path traversal patterns and to update their NLWeb instance to the patched version from the official GitHub repository.
At the time of publication, Microsoft has not responded to the report. It is essential for organizations to prioritize security measures to protect their systems and AI agents from such vulnerabilities.
- The vulnerability in Microsoft's NLWeb protocol, addressed on July 1, 2023, was found to be due to the misuse of data-and-cloud-computing in the code, potentially exposing sensitive files like system configurations and cloud credentials.
- Despite Microsoft's patch releasing, it's crucial for users to manually update their NLWeb implementations to the patched version, as this fix is not automatically applied in deployed environments, and the security implications extend to the cybersecurity of AI agents.
%20number%20has%20yet%20to%20be%20assigned%20for%20this%20patch.){kind=link}