Microsoft Anti-Phishing Rules Block Legitimate Emails and Teams Messages
Microsoft Exchange Online Security Glitch Causes Wrongful Quarantine of Legitimate Emails and Teams Messages
A software glitch in Microsoft’s Exchange Online security system caused the wrongful quarantine of thousands of legitimate emails and Teams messages, the company revealed in a preliminary incident report.
Causes of the Incident
The issue, which began on February 5 and was not fully resolved until February 12, was triggered by a logic error in a heuristic detection rule designed to block credential phishing campaigns.
The flawed rule incorrectly flagged numerous legitimate URLs as phishing links, resulting in users being unable to open emails and Teams messages.
Administrators received false-positive warnings stating that a “potentially malicious URL click was detected.”
Microsoft confirmed that these alerts were incorrect and caused by the faulty detection rule.
Impact and Resolution
The company’s security system, intended to identify novel credential phishing attacks, was updated shortly before the incident.
However, the update contained a logic error, which led to an excessive number of false positives.
This, in turn, triggered a cascade of automated responses that exacerbated the problem.
Other security tools within Microsoft’s detection infrastructure also amplified the incident’s impact.
A separate bug in the company’s security signature systems further delayed efforts to roll back the flawed detection rules.
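The failure mode described above (a single logic error in a heuristic URL rule, followed by automated responses that amplified it) is one that a release gate and a volume circuit breaker are designed to catch. The following is an added example, not Microsoft's code and not a reconstruction of the actual rule: the lookalike-host and off-site-redirect features, the URL corpora, the one-operator bug (OR where AND was intended), the 1% false-positive budget and the 5x volume ratio are all constructed for illustration.

```python
"""Regression gate and alert-volume circuit breaker for a heuristic
phishing-URL rule.

Added example, not Microsoft's code: the rule logic, the URL corpora and
the thresholds are constructed to show how a one-operator logic error
(OR instead of AND) produces mass false positives, and how a release
gate plus a volume circuit breaker would contain it.
"""
from urllib.parse import urlparse, parse_qs

# Constructed corpus of known-benign URLs; a real gate would hold thousands.
BENIGN_CORPUS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://accounts.example.com/login?redirect_uri=https://mail.example.com/",
    "https://idp.example.com/oauth2/v1/authorize?redirect_uri=https://app.example.com/cb",
    "https://my-login.example.com/portal",
    "https://teams.example.com/l/meetup-join/abc",
    "https://docs.example.com/help/reset-password",
    "https://sso.example.org/saml/login",
    "https://www.example.com/news/security-update",
]

# Constructed URLs the rule is meant to catch: a lookalike host combined
# with a redirect to a third-party host.
PHISH_CORPUS = [
    "http://micros0ft-login.example.net/signin?redirect=http://evil.example/collect",
    "https://login-example.example.biz/verify?return=http://evil.example/p",
]


def url_features(url):
    """Return (lookalike_host, offsite_redirect) for one URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    # Lookalike: a host label mixing a credential keyword with a hyphen
    # or digit (e.g. "micros0ft-login").
    lookalike = any(
        ("login" in label or "signin" in label)
        and ("-" in label or any(ch.isdigit() for ch in label))
        for label in host.split(".")
    )
    # Off-site redirect: a query value is an absolute URL on another host.
    offsite = any(
        urlparse(value).hostname not in (None, host)
        for values in parse_qs(parsed.query).values()
        for value in values
        if value.lower().startswith(("http://", "https://"))
    )
    return lookalike, offsite


def flawed_rule(url):
    """Logic error: either signal alone fires, so every legitimate OAuth
    redirect and every hyphenated login host gets flagged."""
    lookalike, offsite = url_features(url)
    return lookalike or offsite


def fixed_rule(url):
    """Intended rule: both signals must be present."""
    lookalike, offsite = url_features(url)
    return lookalike and offsite


def release_gate(rule, benign, phish, fp_budget=0.01, min_recall=1.0):
    """Score a rule against labelled corpora before it is allowed to ship."""
    fp = sum(rule(u) for u in benign)
    tp = sum(rule(u) for u in phish)
    fp_rate = fp / len(benign)
    recall = tp / len(phish)
    return {
        "fp_rate": fp_rate,
        "recall": recall,
        "approved": fp_rate <= fp_budget and recall >= min_recall,
    }


def auto_quarantine_allowed(alerts_in_window, baseline_per_window, max_ratio=5.0):
    """Circuit breaker for the automated response stage: when a rule fires
    at many times its historical rate, stop quarantining automatically and
    hold the hits for human review instead of cascading."""
    if baseline_per_window <= 0:
        return alerts_in_window == 0
    return alerts_in_window <= baseline_per_window * max_ratio


if __name__ == "__main__":
    for name, rule in (("flawed", flawed_rule), ("fixed", fixed_rule)):
        print(name, release_gate(rule, BENIGN_CORPUS, PHISH_CORPUS))
    print("auto-quarantine allowed at 40x baseline:",
          auto_quarantine_allowed(4000, 100))
```

Against this constructed corpus the flawed rule flags three of the eight benign URLs (both OAuth redirects and the hyphenated login host) and fails the gate, while the fixed rule passes with the same recall. The circuit breaker addresses the second half of the incident: even if a bad rule reaches production, the quarantine step refuses to act on a sudden spike and escalates instead.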
Preventing Similar Incidents
Microsoft classified the issue as an “incident,” which typically involves noticeable user impact.
The company has addressed similar issues in the past, including an Exchange Online bug that caused a machine learning model to incorrectly flag emails from Gmail accounts as spam.
Another incident caused anti-spam systems to mistakenly quarantine some users’ emails.
Microsoft is working to prevent similar incidents in the future.
The company is also addressing a separate bug that, since late January, had allowed its AI-powered Microsoft 365 Copilot Chat to summarize confidential emails.
Conclusion
In the wake of this incident, Microsoft emphasized the importance of its security systems and the need for ongoing improvement.
The company is committed to providing secure and reliable services to its users and is working to prevent similar incidents from occurring in the future.
