Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
February 18, 2026 11:26 AM

  • Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns.
  • As Microsoft explains in a preliminary post-incident report published this week, a software error in its email security system incorrectly flagged thousands of legitimate URLs as phishing links for nearly a week, blocking users from opening emails and Teams messages.
  • The incident, tracked by Microsoft under EX1227432, began on February 5 and was not fully resolved until February 12.
  • During that period, users across Exchange Online and Microsoft Teams were unable to open links in messages, with some of their emails quarantined entirely.
  • Administrators also received warnings that a “potentially malicious URL click was detected,” alerts that Microsoft later confirmed were false positives.
  • The root cause was a logic error in a detection system designed to identify new credential phishing attacks.

Article Summaries:

  • Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns. As Microsoft explains in a preliminary post-incident report published this week, a software error in its email security system incorrectly flagged thousands of legitimate URLs as phishing links for nearly a week, blocking users from opening emails and Teams messages. The incident, tracked by Microsoft under EX1227432, began on February 5 and was not fully resolved until February 12. During that period,
  • Microsoft reported that a faulty heuristic rule in its Exchange Online email security system mistakenly flagged thousands of legitimate URLs as phishing links, blocking users from opening emails and Teams messages from February 5 to February 12. The logic error, triggered by an update aimed at detecting new credential‑phishing campaigns, caused automated quarantines and false “malicious URL click” alerts. The incident, logged as EX1227432, also involved additional bugs in Microsoft’s security signature systems that delayed rollback. Microsoft has not disclosed the total number of affected users and will release a final report within five business days.

Sources: