
Researchers have already found a critical weakness in the new NLWeb protocol that Microsoft made a big deal about only a few months ago at Build. It is a protocol that is supposed to be “HTML for the Agentic Web”, providing ChatGPT-like search to any website or application. The discovery of the embarrassing security defect comes in the early stages of Microsoft rolling out NLWeb with customers like Shopify, Snowflake and Tripadvisor.
The defect allows any user to read sensitive files, including system configuration files and OpenAI or Gemini API keys. The worst of this is that it is a classic path traversal defect, which means that it is as easy to exploit as visiting a malformed URL. Microsoft has corrected the defect, but it raises questions about how something as basic as this was not picked up as part of Microsoft's big new focus on security.
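The class of bug described above, and the containment check that stops it, as an added example (a generic static-file resolver written for this page, not NLWeb's code or Microsoft's fix). The function names, directory layout and the placeholder key are assumptions constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(static_root, url_path):
    """Weak form: decode the URL path and join it to the root, no containment check."""
    return os.path.normpath(os.path.join(static_root, unquote(url_path).lstrip("/")))


def safe_resolve(static_root, url_path):
    """Hardened form: return a real file path inside static_root, or None (answer 404)."""
    root = os.path.realpath(static_root)
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # realpath collapses ".." segments and follows symlinks before the comparison
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    # commonpath compares whole path components, so "static-old" cannot pass for "static"
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a throwaway app directory and compare both resolvers on constructed requests."""
    with tempfile.TemporaryDirectory() as app:
        static = os.path.join(app, "static")
        os.mkdir(static)
        with open(os.path.join(app, ".env"), "w") as f:
            f.write("OPENAI_API_KEY=constructed-placeholder\n")  # constructed value
        with open(os.path.join(static, "index.html"), "w") as f:
            f.write("<h1>ok</h1>")
        # Constructed regression inputs: one legitimate path, three malformed ones
        requests = ["/index.html", "/../.env", "/%2e%2e/.env", "/..%2f.env"]
        results = {}
        for path in requests:
            naive = naive_resolve(static, path)
            leaked = os.path.isfile(naive) and os.path.basename(naive) == ".env"
            served = safe_resolve(static, path) is not None
            results[path] = (leaked, served)  # (naive leaks .env, hardened serves a file)
        return results


if __name__ == "__main__":
    for path, (leaked, served) in demo().items():
        print(f"{path:16} naive_leaks_env={leaked} hardened_serves={served}")
```

Keeping the `.env` file outside any directory the server can map to a URL, and loading secrets from the environment or a secrets manager, limits the damage if a check like this is ever missed.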
“This case study is a decisive reminder that with the construction of new systems that operate with the same hostile factors, we must reassess the effect of classic weaknesses, which now have the ability to waive servers not only, but “brains” of artificial intelligence factors themselves,” says Guan, one of the security researchers (alongside Lei Wang) who reported the defect to Microsoft. Guan is a senior cloud security engineer at Wise (yes, that Wise), but this research was conducted independently.
Guan and Wang reported the defect to Microsoft on May 28, just weeks after NLWeb was unveiled. Microsoft released a fix on July 1, but it did not issue a CVE for this issue – the industry standard for classifying vulnerabilities. The security researchers pushed Microsoft to issue a CVE, but the company was reluctant to do so. A CVE would alert more people to the fix and allow people to track it closely, even if NLWeb is not widely used.
Ben Hop, a Microsoft spokesman, says in a statement: “Microsoft does not use the affected code in any of our products. Customers who use the warehouse are automatically protected.”
Guan says NLWeb users “must withdraw and set up a new building version to eliminate the defect,”
While the leak of a .env file in a web application is dangerous enough, Guan argues it is “catastrophic” for an artificial intelligence agent. “These files have API keys for LLMs like GPT-4, which is the agent’s cognitive engine,” says Guan. “The attacker not only steals accreditation data, but rather steals the agent’s ability to think, mind and behave, which may lead to a huge financial loss from abuse of the application programming interface or the creation of harmful cloning.”
Microsoft is also moving forward with native support for Model Context Protocol (MCP) in Windows, all while security researchers have cautioned about MCP risks in recent months. If the NLWeb defect is anything to go by, Microsoft will need to take an extra careful approach to balancing the speed of rolling out new artificial intelligence features with keeping security the first priority.