Microsoft 365 has acknowledged an issue affecting its Exchange Online service, where some users’ email messages containing images are being incorrectly flagged as malware and quarantined.
This problem, identified under Issue ID EX873252, has been classified as a service degradation incident and is currently under investigation by Microsoft.
The issue emerged when users began reporting that their emails, particularly those containing images, were being mistakenly identified as malicious content. This has led to these emails being automatically quarantined, causing significant disruptions in communication for affected users.
The problem appears to be widespread, affecting various types of emails, including those with image signatures and replies or forwards of previously external emails.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
Microsoft has resolved the issue. The company is reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan.
As part of their immediate response, Microsoft has started implementing measures to unblock legitimate emails that were mistakenly quarantined. The process of replaying impacted emails to users’ inboxes is currently underway.
The scope of the impact is reportedly specific to some users who are served through the affected infrastructure. However, Microsoft has not disclosed the exact regions or number of users impacted.
The issue has been a cause of concern for system administrators and users alike, as it affects both inbound and intra-organizational emails, complicating the management of email flow.
This is not the first time Microsoft has faced such an issue. In October 2023, a similar problem arose due to a faulty anti-spam rule, which led to outbound emails being mistakenly flagged as spam. Microsoft had to address that situation by adjusting its spam detection systems.
Microsoft has assured users that it is prioritizing the resolution of this issue. The company is expected to provide further updates as they continue to work on a permanent fix. Users are advised to monitor communications from Microsoft for the latest information and guidance on how to manage their email systems during this period of disruption.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial