Microsoft’s Email Meltdown and 4,000 Accounts Hacked via Outlook Add-in
This Week in IT
This Week in IT, what if Microsoft’s email system suddenly categorized genuine emails as phishing attempts? It happened this week, disrupting businesses. Plus, 4,000 Microsoft accounts got hacked through a genuine Outlook add-in from the official Store, and we’ll reveal how attackers pulled that off. And Microsoft’s building a brand-new mini-OS in Rust to keep bad code in a cage.
This Week in IT, I cover three major Microsoft‑related topics:
1. Exchange Online False Positives
Microsoft introduced a new URL-based anti‑phishing rule around February 5 that incorrectly quarantined large volumes of legitimate email across organizations.
The issue lasted several days, disrupting inter‑organizational email flow and forcing administrators to manually intervene.
Microsoft disabled the faulty rule, allow‑listed affected URLs, and bulk‑released quarantined messages, with remediation largely completed by February 10–11.
Admins were advised to monitor Exchange service health and manually release any remaining quarantined emails.
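An added example, not from the episode or from Microsoft, of what that manual release looks like in Exchange Online PowerShell: it pages through everything still quarantined as phishing in the incident window, keeps only mail from sender domains the organisation trusts, writes a review file, and releases nothing unless the -Release switch is passed. It assumes the ExchangeOnlineManagement module and an account allowed to manage quarantine; the date defaults and the trusted-domain list are constructed placeholders.

```powershell
# Added example (not from the episode): review, then release, phishing false positives
# still sitting in Exchange Online quarantine from the February incident window.
# Assumes the ExchangeOnlineManagement module and a role that can manage quarantine.
param(
    [datetime]$Start = (Get-Date).AddDays(-14),          # adjust to 5 February (assumed)
    [datetime]$End   = (Get-Date),                       # day after remediation (assumed)
    [string[]]$TrustedSenderDomains = @('partner.example', 'supplier.example'), # constructed
    [switch]$Release                                     # without it the script only reports
)

Connect-ExchangeOnline -ShowBanner:$false

# Pull only messages quarantined as phishing in the window; page through the 1000-item cap.
$all  = @()
$page = 1
do {
    $batch = Get-QuarantineMessage -QuarantineTypes Phish,HighConfPhish `
        -StartReceivedDate $Start -EndReceivedDate $End -PageSize 1000 -Page $page
    $all += $batch
    $page++
} while (@($batch).Count -eq 1000)

# Keep only mail from domains the organisation actually trusts; everything else stays put.
$candidates = $all | Where-Object {
    $domain = ($_.SenderAddress -split '@')[-1]
    $TrustedSenderDomains -contains $domain.ToLower()
}

# Always write a review file so the decision to release is auditable after the fact.
$report = "quarantine-review-$(Get-Date -Format yyyyMMdd-HHmm).csv"
$candidates |
    Select-Object ReceivedTime, SenderAddress, RecipientAddress, Subject, QuarantineTypes, Identity |
    Export-Csv -Path $report -NoTypeInformation
Write-Host "$($candidates.Count) of $($all.Count) quarantined phish items match trusted domains; see $report"

if ($Release) {
    # Release to every original recipient and report the false positive back to Microsoft.
    $candidates | Release-QuarantineMessage -ReleaseToAll -ReportFalsePositive
}
```

Run it once without -Release, check the CSV against the trusted-domain list, then rerun with -Release for the rows you have reviewed.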
2. Compromised Outlook Add‑in (“Agree to”)
A legitimate Outlook add‑in from the Store, used for meeting scheduling, was compromised after approval.
Attackers replaced its scheduling UI with a fake interface to harvest usernames and passwords, which were sent to a third party via a Telegram bot.
Approximately 4,000 Microsoft accounts were affected.
The add‑in had high privileges, potentially allowing email access or modification, though no such misuse was confirmed.
This incident is described as the first known malicious add‑in hosted on Microsoft’s official marketplace.
Microsoft advised uninstalling the add‑in and resetting passwords, while security researchers called for ongoing post‑approval monitoring and removal of abandoned add‑ins.
3. Microsoft’s Rust-Based “Mini OS”
Microsoft is experimenting with a lightweight, Linux‑like operating system built in Rust.
The goal is to provide strong application sandboxing by separating applications from low‑level kernel access.
This approach leverages Rust’s memory safety to reduce vulnerability to memory‑based exploits.
The technology is aimed at developers, researchers, and cloud scenarios (e.g., Azure Confidential Computing), not end users.
While still in preview, it could underpin future secure application isolation models in Windows or Azure.