Microsoft confirmed that a logic error in Exchange Online’s heuristic detection for credential phishing incorrectly flagged thousands of legitimate URLs as phishing, blocking links in emails and Microsoft Teams messages between February 5 and February 12. The false positives triggered automated removals and misleading alerts, and were amplified by other security tools and a signature-system bug. Microsoft tracked the event as EX1227432 and will publish a final report within five business days.
Key points
- A logic error in a heuristic detection for novel credential phishing caused legitimate URLs to be misclassified.
- The incident, tracked as EX1227432, disrupted link access in Exchange Online and Microsoft Teams from Feb 5 to Feb 12.
- Automated protections removed messages and generated false “potentially malicious URL click” alerts for administrators.
- Other detection components amplified the impact, and a bug in signature systems delayed rollback of the flawed rules.
- Microsoft will issue a final post-incident report within five business days and has previously addressed similar email-quarantine issues.