Security News > 2023 > January > Microsoft script recreates shortcuts deleted by bad Defender ASR rule

Microsoft script recreates shortcuts deleted by bad Defender ASR rule
2023-01-15 19:07

Microsoft released advanced hunting queries and a PowerShell script to find and recover some of the Windows application shortcuts deleted Friday morning by a buggy Microsoft Defender ASR rule.

Early morning on January 13th, Microsoft released a new Microsoft Defender signature update that included a change to the Attack Surface Reduction rule known as "Block Win32 API calls from Office macro" in Configuration Manager and "Win32 imports from Office macro code" in Intune.

A bug in the updated rules caused Microsoft Defender to exhibit false positives, deleting application shortcuts from the desktop, the Start menu, and the Windows Taskbar.

On Saturday morning, Microsoft released advanced hunting queries to find affected shortcuts and a PowerShell script to recreate shortcuts for some of the more commonly deleted applications.

Even targeted applications like Microsoft Office are not having their shortcuts recreated in some cases.

Windows admins also commented that the script only recreates shortcuts in the Start Menu but fails to recreate those deleted from the Windows Taskbar Quick Launch toolbar or the Windows desktop.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-script-recreates-shortcuts-deleted-by-bad-defender-asr-rule/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399