Microsoft Defender tags Office updates as ransomware activity (March 2022)
Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems.
Following the surge of reports, Microsoft confirmed the Office updates were mistakenly marked as ransomware activity due to false positives.
"Starting on the morning of March 16th, customers may have experienced a series of false-positive detections that are attributed to a Ransomware behavior detection in the file system. Admins may have seen that the erroneous alerts had a title of 'Ransomware behavior detected in the file system,' and the alerts were triggered on OfficeSvcMgr.exe," Microsoft said following users' reports.
After the cloud logic update rollout, the incorrect ransomware activity alerts will no longer be generated.
According to Microsoft, the issue "may have potentially affected" admins who attempted to view ransomware alerts in Microsoft Defender for Endpoint.
Since October 2020, admins have had to deal with other similar Defender for Endpoint issues, including one that raised alerts about network devices infected with Cobalt Strike and another that marked Chrome updates as PHP backdoors.