Microsoft fixes bug that left a bunch of Windows systems open to attack

News
By Sead Fadilpašić
published

A bug prevented Microsoft Defender from working on some systems

Hands typing on a keyboard surrounded by security icons
(Image credit: Shutterstock)

Microsoft has patched an issue that prevented its Defender for Endpoint enterprise security platform from launching on some Windows Server systems. 

The patch is tracked as KB5008223 and comes as part of the company's December 2021 Patch Tuesday release, which can be found on this link.

Explaining the bug in an advisory, Microsoft said the bug prevented the endpoint security solution to start on devices running Windows Server Core installations.

Endpoint issues

According to Bleeping Computer, the issue only impacts devices with installed Windows Server 2019, and Windows Server 2022 security updates that were pushed in November’s Patch Tuesday.

The company’s cybersecurity platform has been giving its users quite a few headaches lately. It was recently reported that its latest version prevented users from opening some Office files, as well as launching various applications.

Last month, Microsoft confirmed that Defender for Endpoint (version 1.353.1874.0) triggered false positive alerts related to the Emotet malware, and thus prevented certain files from being launched. 

Emotet is back

Multiple admins found the antivirus service detecting print jobs as Emotet malware, as well as any Office app using MSIP.ExecutionHost.exe and slpwow64.exe.

Microsoft did fix it, but did not disclose the reasons behind the problem. The media have speculated that the company tried to increase the sensitivity of its filters for detecting Emotet, due to the malware’s recent resurgence.

Emotet, which is believed to have originated in Ukraine, was almost extinct at the start of the year, after law enforcement seized control of Emotet infrastructure and reportedly arrested individuals linked with the operation.

However, since mid-November, new Emotet samples have started popping up once again. These are quite similar to the previous strain, but have a different encryption scheme, and are being delivered to machines infected by TrickBot.

Microsoft Defender (the version for personal use, though) has recently been named the best antivirus solution by independent researchers.

  • You might also want to check out our list of the best firewall tools around

Via: Bleeping Computer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.