There are only two ‘Friday the 13th’s in 2023, and the first has already seen Microsoft scrambling to fix an issue that affected users’ Start menus and taskbars following a botched update to its Defender antivirus.
Following the mishap, Microsoft took to the Internet to confirm (opens in new tab) that many users had experienced “a series of false positive detections” for the “Block Win32 API calls from Office macro” Attack Surface Reduction (ASR) rule, leading to many program shortcuts (.lnk files) vanishing.
Among the initially suggested fixes from the company was to turn the “Block Win32 API calls from Office macro” rule into audit mode, however Microsoft has now issued a more comprehensive fix that, after deploying, will allow users to turn the ASR rule back into block mode.
Microsoft Defender problem
The company has told users to upgrade to security intelligence build 1.381.2164.0 or later. An extract from the help page reads:
“Microsoft has confirmed steps that customers can take to recreate start menu links for a significant sub-set of the affected applications that were deleted.”
The steps have been provided as a PowerShell script on a GitHub page (opens in new tab) – a developer platform that Microsoft owns. There’s also a set of instructions for deploying the script using Intune, which many users were vocal about when it came to discussing the blunder on platforms like Reddit (opens in new tab) and Microsoft’s own Tech Community page (opens in new tab).
One user asked Microsoft “why Defender did not record the lnk file deletions”.
As the problem continues to be an ongoing source of disruption among Microsoft users, it’s unclear whether the fix has been enough for the tech giant to restore some of its lost faith. Overall, user experiences remain a mixed bag, with some claiming successful restores, and others reporting errors.