Security News > 2023 > January > Buggy Microsoft Defender ASR rule deletes Windows app shortcuts
Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps.
The issue affected app shortcuts across onboarded devices after the Microsoft Defender for Endpoint attack surface reduction rule was triggered erroneously.
While normally, this would help reduce the attack surface threat actors could use to compromise devices protected by Microsoft Defender Antivirus, a bad Defender signature caused the ASR rule to misbehave and trigger against users' app shortcuts, falsely tagging them as malicious.
Windows admins are reporting that the ASR rule is deleting shortcuts belonging to both Microsoft apps and third-party apps.
To address the issue, Microsoft has disabled the offending ASR rule and has asked customers to check SI MO497128 in the admin center for more updates.
Until the issue is completely fixed and all deleted shortcuts can be restored, Microsoft advised customers to directly launch Office apps using the Office app or the Microsoft 365 app launcher.
News URL
Related news
- Microsoft Defender adds detection of unsecure Wi-Fi networks (source)
- Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes (source)