There are only two Friday the 13ths in 2023, and the first already saw Microsoft struggling to fix a problem that affected users’ Start menus and taskbars following a botched update to its Defender antivirus.
After the mishap, Microsoft took to the Internet to confirm that many users had experienced “a number of false positive detections” for the attack surface reduction (ASR) rule “Block Win32 API calls from Office macro”, which led to the disappearance of many program shortcuts (.lnk files).
Among the fixes initially suggested by the company was to convert the “Block Win32 API calls from Office macro” rule to audit mode; however, Microsoft has now released a more comprehensive fix that, after deployment, will allow users to convert the ASR rule back to Block Mode.
Microsoft Defender issue
The company has told users to update to Security Intelligence Build 1.381.2164.0 or later. An excerpt from the help page reads:
“Microsoft has confirmed steps customers can take to recreate start menu links for a significant subset of the affected apps that were removed.”
The steps have been provided as a PowerShell script on GitHub, a development platform owned by Microsoft. There is also a set of instructions for deploying the script using Intune, something many users were vocal about when discussing the bug on platforms like Reddit and Microsoft’s own Tech Community page.
One user asked Microsoft “why didn’t Defender log lnk file deletions.”
With the issue still causing disruption among Microsoft users, it’s unclear whether the fix has been enough for the tech giant to regain some of the trust it lost. In general, user experiences remain mixed, with some stating that restores were successful and others reporting errors.
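The order of operations described above (update security intelligence first, then return the rule from audit mode to Block mode) can be checked on a single machine with the built-in Defender cmdlets. This is an added example, not Microsoft's recovery script; the rule GUID comes from Microsoft's ASR rule reference rather than from this article, and the sketch assumes an elevated session on a host where the rule is configured locally.

```powershell
# Added example, not Microsoft's script. Run in an elevated PowerShell session.
# GUID of "Block Win32 API calls from Office macros" (from Microsoft's ASR rule reference).
$RuleId     = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
# Minimum security intelligence build named in the article.
$MinVersion = [version]'1.381.2164.0'

function Get-AsrRuleAction {
    param([string]$Id)
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        # Action codes: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn
        if ($ids[$i] -ieq $Id) { return [int]$acts[$i] }
    }
    return $null   # rule is not configured locally
}

$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
$action  = Get-AsrRuleAction -Id $RuleId
Write-Host "Security intelligence: $current; rule action: $action"

if ($current -lt $MinVersion) {
    Write-Warning "Below $MinVersion. Updating before touching the rule."
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

if ($current -lt $MinVersion) {
    Write-Warning "Still on $current; leaving the rule as it is."
} elseif ($action -eq 2) {
    # Only flip a rule that was moved to audit mode as the interim workaround.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions Enabled
    Write-Host "Rule action is now: $(Get-AsrRuleAction -Id $RuleId)"
} else {
    Write-Host "Rule is not in audit mode; nothing changed."
}
```

Where the rule is delivered through Intune or Group Policy, make the mode change in that policy instead, since managed settings take precedence over a local `Add-MpPreference`.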