In a final update to the incident report added on May 1 at 16:31 UTC, Microsoft said it successfully reverted the buggy ML model to the previous working version, mitigating the false positive issue. It also added that admins and users may have also been able to create custom allow rules to ensure that Gmail messages weren't sent to the junk folder while the service was impacted. In October 2023, it also had to disable a bad anti-spam rule flooding Microsoft 365 admins' inboxes with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam, while in August 2024, it mitigated an Exchange Online bug tagging emails containing images as malicious and automatically quarantining them. Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. "We've identified that our machine learning (ML) model, which safeguards Exchange Online against risky email messages, is incorrectly identifying legitimate email messages as spam due to their similarity to email messages used in spam attacks, which is resulting in impact," the company explained when it acknowledged the ML model bug. For instance, last week, the company mitigated another machine-learning issue that mistakenly flagged Adobe emails in Exchange Online as spam. Tracked as EX1064599 in the Microsoft 365 admin center, the issue started impacting users on April 25 at 09:24 UTC, automatically moving emails erroneously tagged as malicious to the junk folder. In March, it addressed another Exchange Online false positive, causing anti-spam systems to quarantine some users' emails incorrectly. Microsoft has handled similar issues since the start of the year, leading to emails being incorrectly tagged as spam or quarantined.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 02 May 2025 10:20:09 +0000