Well, MS did it again...an update which sabotages your computer.
"Last Friday was a rather unlucky day for Windows users and system administrators worldwide. According to multiple reports, Microsoft Defender for Endpoint turned into a shortcut and file "killer" that fateful day, after the security suite began to delete application shortcuts from the Windows Taskbar and Start Menu, sometimes even removing the linked program files from disk.
The issue was experienced by multiple system admins on Windows 10 and Windows 11, and its likely cause was soon pinned down to an ASR rule modified by a recent update for Defender. Attack surface reduction (ASR) rules target certain software behaviors like launching executables and scripts, running obfuscated scripts or "performing behaviors that apps don't usually initiate during normal day-to-day work," Microsoft explains." - Alfonso Maruccia, Techspot
MS explained the error here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide
"A further update posted on Microsoft Community Hub offered a partial solution to this last issue, with a PowerShell script designed to recreate the deleted shortcuts for 33 of the most popular programs affected by the bug (see list below). Needless to say, the script didn't bring joy to those sysadmins that were forced to reinstall deleted programs or recreate the shortcuts that were deployed per-user in a multi-user organization.
| Adobe Acrobat |
Adobe Photoshop 2023 |
| Adobe Illustrator 2023 |
Adobe Creative Cloud |
| Firefox Private Browsing |
Firefox |
| Google Chrome |
Microsoft Edge |
| Notepad++ |
Parallels Client |
| Remote Desktop |
TeamViewer |
| Royal TS6 |
Elgato StreamDeck |
| Visual Studio 2022 |
Visual Studio Code |
| Camtasia Studio |
Camtasia Recorder |
| Jabra Direct |
7-Zip File Manager |
| Access |
Excel |
| OneDrive |
OneNote |
| Outlook |
PowerPoint |
| Project |
Publisher |
| Visio |
Word |
| PowerShell 7 (x64) |
SQL Server Management Studio |
| Azure Data Studio |
|
- ibid "
You can check your Defender update history by going to Settings>Windows Update>Update History>Definition Updates.
For those affected, there's this:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011
I haven't turned off my updates, as my system has updated without disaster...but, if your system hasn't updated yet, I'd advise you delay the update to give MS the opportunity to fix this.
You can read more about the 98 patches in the January update here: https://www.darkreading.com/vulnerabilities-threats/microsoft-new-year-patches-98-security-fixes
Additional information:
https://www.computerworld.com/article/3685534/patch-now-to-address-critical-windows-zero-day-flaw.html?utm_campaign=subscribers-&utm_medium=subscribers_push_notification&utm_source=subscribers