Microsoft: Exchange Online mistakenly tags emails as malware
Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine.
"Users' email messages containing images may be incorrectly flagged as malware and quarantined," Microsoft said in a service alert posted on the Microsoft 365 admin center two hours ago.
"We're reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan."
Tracked under EX873252, this ongoing service degradation issue seems to be widespread, according to reports from system administrators, and it also impacts messages with image signatures.
"Seems to only be affecting our outbound traffic and specifically for replies and forwards of previously external emails," one admin said.
"For us, it was both inbound and intra-org. Inbound only would have been much easier for me to deal with. They also basically tagged our intra as inbound from what I saw in the message header," another one added.
Redmond has yet to reveal which regions are impacted by this issue or to provide mitigation advice that impacted customers can use until the false positive problems are resolved.
In October 2023, Microsoft addressed a similar issue caused by a bad anti-spam rule that flooded Microsoft 365 admins' inboxes with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam.
Update August 26, 13:00 EDT: Microsoft has taken measures to move legitimate emails that were mistakenly tagged as malicious from quarantine to customers' inboxes.
"We identified an issue affecting our malware detection systems. We've implemented a mitigation to unblock legitimate emails that were mistakenly quarantined. The replay of impacted emails is in progress," Microsoft said.
source: BleepingComputer