Exchange Online Bug Incorrectly Flags Safe Emails as Phishing Attempts
Microsoft investigates Exchange Online bug that wrongly flags legitimate emails as phishing, causing mass email quarantine issues and service disruption for Microsoft 365 users worldwide.
Microsoft is looking into a severe Exchange Online issue in which legitimate emails are wrongly identified as phishing. Since February 5, numerous users have noticed that routine emails are being marked as suspicious and immediately moved to quarantine. This has posed challenges for enterprises that rely on Microsoft 365 and Exchange Online email services for regular communication.
According to Microsoft, the issue is related to a recently updated URL filtering rule intended for better spam and phishing detection. However, this new filter incorrectly identifies safe website links within emails as unsafe. As a result, legitimate emails are identified as phishing attempts and blocked before they reach users' inboxes.
Microsoft stated that the situation is still ongoing and classified it as a service event, which normally results in substantial interruptions for customers. While the company has not stated how many users or regions are affected, it has assured users that engineers are working on a solution. In the meantime, Microsoft is evaluating quarantined messages and gradually releasing emails that were incorrectly blocked. Some users are already seeing previously flagged emails return to their inboxes. To avoid further inconvenience, Microsoft is also checking and unblocking legitimate URLs.
This is not the first time that Exchange Online has encountered email filtering issues. Similar issues in the past caused anti-spam systems to improperly intercept emails or block safe links. As cyber threats increase, businesses rely heavily on effective email security and phishing protection, but filter updates must be thoroughly evaluated to minimize business disruptions. Microsoft stated it will release an expected resolution time after full remediation has been confirmed. Until then, impacted organizations should monitor their quarantined messages and follow official service alerts.
Information referenced in this article is from Bleeping Computer.