Microsoft Defender is flagging legitimate URLs as malicious

The company announced on Twitter that it was aware of the bug and that an investigation is underway into the cause.

We're investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected. Further details can be found under DZ534539 within the admin center.

You’re out of free articles for this month

Log in Sign up

To continue reading the rest of this article, please log in.

Username or Email

Password

Keep me signed in on this device.

If you check this box before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.

============

============

If you check the box above before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.

---

or

---

Log in with a Passkey

Forgot password?

— Microsoft 365 Status (@MSFT365Status) March 29, 2023

Microsoft has urged that despite the false positive alerts, users are still able to access legitimate links flagged as malicious.

At this stage, Microsoft is still investigating the issue and has said it is “reviewing diagnostics such as network telemetry data to verify the root cause and identify a path to resolution”.

The tech giant warned that tech admins would likely see an increased number of high-severity alert emails that warn of a potentially malicious URL was clicked.

Since the issue arose yesterday, some customers have received dozens of alert emails warning of malicious URLs, according to BleepingComputer.

VIEW ALL

Responding to Microsoft’s tweet, a number of users and admins have expressed issues caused by the bug, such as an increased number of quarantined emails and being inundated with alerts.

Yeah, the 987 Alerts I got for Zoom accounts has been a good time today ? pic.twitter.com/Cix2CipagY

— Adam (@Reptarr2) March 29, 2023

@MSFT365Status Would this cause defender to quarantine a ton more emails than normal? We are inundated with tens of requests this morning when it is normally only one or two if any.

— Jared does IT (@ItsAnAsp3n) March 29, 2023