Security News > 2023 > January > Buggy Microsoft Defender ASR rule deletes Windows app shortcuts

Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps.

The issue affected app shortcuts across onboarded devices after the Microsoft Defender for Endpoint attack surface reduction rule was triggered erroneously.

While normally, this would help reduce the attack surface threat actors could use to compromise devices protected by Microsoft Defender Antivirus, a bad Defender signature caused the ASR rule to misbehave and trigger against users' app shortcuts, falsely tagging them as malicious.

Windows admins are reporting that the ASR rule is deleting shortcuts belonging to both Microsoft apps and third-party apps.

To address the issue, Microsoft has disabled the offending ASR rule and has asked customers to check SI MO497128 in the admin center for more updates.

Until the issue is completely fixed and all deleted shortcuts can be restored, Microsoft advised customers to directly launch Office apps using the Office app or the Microsoft 365 app launcher.

News URL

https://www.bleepingcomputer.com/news/microsoft/buggy-microsoft-defender-asr-rule-deletes-windows-app-shortcuts/