Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk
gbhackers
A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to sensitive enterprise data.
The vulnerability, which earned its discoverer a $3,000 bounty from Microsoft’s Security Response Center (MSRC), exposed a Local File Inclusion (LFI) attack vector that could potentially compromise confidential system information across multi-tenant environments.
Discovery and Initial Investigation
The security flaw was initially uncovered during a routine client assessment when a cybersecurity researcher was analyzing a web application that featured document conversion capabilities.
The application utilized Microsoft’s official APIs to transform various document formats into PDFs through SharePoint integration.
During testing, the researcher identified anomalous behavior that allowed unauthorized access to local system files during HTML-to-PDF conversion.

What made this discovery particularly significant was the revelation that the vulnerability existed within Microsoft ...