Microsoft Exchange Online is experiencing significant issues caused by a recent security update that mistakenly flags legitimate emails as phishing and quarantines them. The problem began on February 5, 2026, when a new URL detection rule was implemented to combat sophisticated phishing attacks. However, this rule has overfired, incorrectly classifying some trusted URLs as malicious, leading to widespread quarantine of legitimate emails. Microsoft has acknowledged the bug and is actively working on a fix, with some affected messages already being released back into inboxes. The incident impacts users globally, causing delays, missed deadlines, and potential business losses. IT administrators are advised to review quarantined messages carefully, verify their legitimacy, and use tools like Message Trace to confirm email status. Microsoft emphasizes that the balance between security and usability is delicate, as overly aggressive filters can result in false positives. The company is monitoring the situation and plans to fully resolve the issue while maintaining robust security measures. This incident highlights the ongoing challenge of managing advanced email security without disrupting normal communication workflows.