Microsoft script recreates shortcuts deleted by bad Defender ASR rule
Microsoft released advanced hunting queries and a PowerShell script to find and recover some of the Windows application shortcuts deleted Friday morning by a buggy Microsoft Defender ASR rule.
Early morning on January 13th, Microsoft released a new Microsoft Defender signature update that included a change to the Attack Surface Reduction rule known as "Block Win32 API calls from Office macro" in Configuration Manager and "Win32 imports from Office macro code" in Intune.
A bug in the updated rules caused Microsoft Defender to exhibit false positives, deleting application shortcuts from the desktop, the Start menu, and the Windows Taskbar.
On Saturday morning, Microsoft released advanced hunting queries to find affected shortcuts and a PowerShell script to recreate shortcuts for some of the more commonly deleted applications.
In some cases, even applications the script targets, such as Microsoft Office, are not having their shortcuts recreated.
Windows admins also commented that the script only recreates shortcuts in the Start Menu but fails to recreate those deleted from the Windows Taskbar Quick Launch toolbar or the Windows desktop.