Overview
Microsoft has identified an ongoing issue affecting some Exchange Online users, where emails containing images are being incorrectly flagged as malware and subsequently quarantined. This issue, classified under the Incident ID EX873252, began on August 26, 2024, and is currently causing service degradation across affected infrastructures. The Microsoft support and engineering teams are actively working on identifying the root cause and developing a remediation plan.
What You Need to Know
Incident ID: EX873252
Affected Service: Exchange Online
Current Status: Service Degradation
Issue Type: Incident
Start Time: August 26, 2024, 9:09 AM CDT
Next Update: August 26, 2024, 11:30 AM CDT
User Impact
Users who rely on Exchange Online may find that emails with embedded images are being falsely flagged as malware. This issue results in those emails being quarantined, preventing their delivery to the intended recipients.
Scope of Impact
The issue is not universal but affects a subset of users connected to specific Exchange Online infrastructures. Microsoft is currently reviewing service monitoring telemetry to isolate the problem. Administrators should monitor the situation closely, especially if their organization relies heavily on image-based communication.
Detailed Technical Background
This problem appears to stem from the way Microsoft Defender for Office 365 handles Safe Attachments policies. These policies are designed to protect against malicious files by scanning email attachments. However, in this case, the scanning process is incorrectly identifying legitimate images as malware. Once flagged, the emails are quarantined, where they await further review by administrators or are automatically deleted after a set period.
Administrators can access quarantined messages and manage them via the Microsoft Defender portal, but users might face delays or disruptions in communication while this issue persists. It is also important to note that the quarantine policy settings could prevent users from releasing quarantined emails themselves.
Immediate Actions
- Monitor Quarantined Emails: Administrators should regularly check the quarantine section in the Microsoft Defender portal to identify and release falsely flagged emails.
- Stay Informed: Microsoft has promised to provide updates by 11:30 AM CDT on August 26, 2024. Keep an eye on the official channels for further developments.
- Feedback to Microsoft: If your organization is affected, you can provide feedback to help prioritize the resolution of this issue.
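The quarantine check described above can also be done from Exchange Online PowerShell instead of the portal. The script below is an added example, not part of the Microsoft notice; it assumes the ExchangeOnlineManagement module and an admin account, and the CSV file name is a placeholder chosen here.

```powershell
# Added example: needs the ExchangeOnlineManagement module and quarantine admin rights.
Connect-ExchangeOnline

# Incident start from the notice: August 26, 2024, 9:09 AM CDT (UTC-5) = 14:09 UTC.
$start = [datetime]::new(2024, 8, 26, 14, 9, 0, [DateTimeKind]::Utc)
$end   = (Get-Date).ToUniversalTime()

# Page through malware-type quarantine entries received since the incident began.
$page = 1; $pageSize = 1000; $hits = @()
do {
    $batch = @(Get-QuarantineMessage -Type Malware -StartReceivedDate $start `
                 -EndReceivedDate $end -PageSize $pageSize -Page $page)
    $hits += $batch
    $page++
} while ($batch.Count -eq $pageSize)

# Keep only messages that are still held.
$pending = @($hits | Where-Object { $_.ReleaseStatus -eq 'NotReleased' })

# Sender summary: a sudden cluster from known-good senders points to false positives.
$pending | Group-Object SenderAddress | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20

# Export for manual review. RecipientAddress is a list, so flatten it for the CSV.
$reviewFile = '.\EX873252-quarantine-review.csv'   # placeholder file name
$pending | Sort-Object ReceivedTime |
    Select-Object ReceivedTime, SenderAddress,
        @{ Name = 'Recipients'; Expression = { $_.RecipientAddress -join ';' } },
        Subject, PolicyName, Identity |
    Export-Csv -Path $reviewFile -NoTypeInformation

# After review, delete from the CSV every row that should stay quarantined,
# then preview the release. Remove -WhatIf only once the list has been checked.
Import-Csv $reviewFile | ForEach-Object {
    Release-QuarantineMessage -Identity $_.Identity -ReleaseToAll -WhatIf
}
```

The time window only narrows the list to the incident period; entries in it can still be genuine malware detections, so each row needs a human decision before release.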
Conclusion
Microsoft Exchange Online users are currently facing challenges with emails containing images being incorrectly flagged as malware. Microsoft is working on a fix, but in the meantime, it’s crucial to monitor quarantined emails and stay informed through the official updates. This incident highlights the importance of robust email security settings and the need for vigilance when such issues arise.