Security News > 2023 > January > Buggy Microsoft Defender ASR rule deletes Windows app shortcuts
Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps.
The issue affected app shortcuts across onboarded devices after the Microsoft Defender for Endpoint attack surface reduction rule was triggered erroneously.
While normally, this would help reduce the attack surface threat actors could use to compromise devices protected by Microsoft Defender Antivirus, a bad Defender signature caused the ASR rule to misbehave and trigger against users' app shortcuts, falsely tagging them as malicious.
Windows admins are reporting that the ASR rule is deleting shortcuts belonging to both Microsoft apps and third-party apps.
To address the issue, Microsoft has disabled the offending ASR rule and has asked customers to check SI MO497128 in the admin center for more updates.
Until the issue is completely fixed and all deleted shortcuts can be restored, Microsoft advised customers to directly launch Office apps using the Office app or the Microsoft 365 app launcher.
News URL
Related news
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors (source)
- Recent Windows updates break Microsoft Connected Cache delivery (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft now testing app ads in Windows 11's Start menu (source)
- Microsoft lifts Windows 11 block on some Intel systems after 2 years (source)
- Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge (source)
- Microsoft Office LTSC 2024 preview available for Windows, Mac (source)
- Researchers claim Windows Defender can be fooled into deleting databases (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)