Microsoft fixes bug blocking Defender for Endpoint on Windows Server
Microsoft has addressed a known issue that plagued Windows Server customers for weeks, preventing the Defender for Endpoint enterprise security platform from launching on some systems.
When it acknowledged the bug in November, Microsoft explained that the endpoint security solution (previously known as Microsoft Defender Advanced Threat Protection or Defender ATP) failed to start or run on devices running Windows Server Core installations.
The issue only impacts devices where customers installed Windows Server 2019 and Windows Server 2022 security updates issued during last month’s Patch Tuesday.
Microsoft addressed the bug with the release of KB5008223 this week as part of the December 2021 Patch Tuesday.
As Redmond revealed, KB5008223 “addresses a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation.”
You can install this cumulative update through Windows Update and Microsoft Update, Windows Update for Business, Windows Server Update Services (WSUS), and the Microsoft Update Catalog.
After Microsoft confirmed this Defender for Endpoint issue, BleepingComputer also spotted reports of Microsoft Defender Antivirus crashes with EventID 3002 notifications (MALWAREPROTECTION_RTP_FEATURE_FAILURE) and “Real-time protection encountered an error and failed” error codes.
They occurred after installing security intelligence updates between versions 1.353.1477.0 and 1.353.1486.0 and were fixed by Microsoft with the release of version 1.353.1502.0.
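The two problems above are easy to confuse on a fleet, so a practical first step is a quick per-host triage: is the December update present, is the Defender for Endpoint sensor service actually running on Server Core hosts, and is the Defender Antivirus signature version inside the range that produced the EventID 3002 failures? The script below is an added example, not code from the article or from Microsoft. The KB number, the event ID and the signature version range come from the article; the `Sense` service name, the `InstallationType` registry value used to detect Server Core, and the Defender operational log name are assumptions based on standard Windows components.

```powershell
# Added example (not from the article): triage a single Windows Server host for
# the two issues described above. Run in an elevated PowerShell prompt.
# Assumptions: 'Sense' is the Defender for Endpoint sensor service name,
# InstallationType 'Server Core' marks a Server Core install, and the Defender
# operational log is 'Microsoft-Windows-Windows Defender/Operational'.

$Kb          = 'KB5008223'          # from the article: December 2021 cumulative update
$BadSigStart = [version]'1.353.1477.0'   # from the article: first affected signature version
$BadSigEnd   = [version]'1.353.1486.0'   # from the article: last affected signature version
$FixedSig    = [version]'1.353.1502.0'   # from the article: version that resolved it

# 1. Is this a Server Core installation (the only install type the MDE bug hits)?
$installType = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').InstallationType
Write-Host "Installation type : $installType"

# 2. Is the fixing cumulative update installed?
$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
if ($hotfix) {
    Write-Host "$Kb : installed on $($hotfix.InstalledOn)"
} else {
    Write-Host "$Kb : NOT installed (deploy via Windows Update, WSUS or the Update Catalog)"
}

# 3. Is the Defender for Endpoint sensor service running? On affected Server Core
#    hosts it fails to start, so a stopped service here is the symptom to watch.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
if ($null -eq $sense) {
    Write-Host "Sense service : not present (MDE not onboarded on this host)"
} else {
    Write-Host "Sense service : $($sense.Status)"
    if ($sense.Status -ne 'Running' -and $installType -eq 'Server Core' -and -not $hotfix) {
        Write-Warning "Server Core host without $Kb and MDE sensor not running: matches the known issue"
    }
}

# 4. Defender Antivirus signature version: flag the range that crashed real-time protection.
$mp  = Get-MpComputerStatus
$sig = [version]$mp.AntivirusSignatureVersion
Write-Host "AV signature version : $sig"
if ($sig -ge $BadSigStart -and $sig -le $BadSigEnd) {
    Write-Warning "Signature version is in the affected range; update security intelligence to $FixedSig or later"
} elseif ($sig -lt $FixedSig) {
    Write-Host "Signature version is older than the affected range; update to current anyway"
}

# 5. Look for EventID 3002 (MALWAREPROTECTION_RTP_FEATURE_FAILURE) in the last 14 days.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 3002
    StartTime = (Get-Date).AddDays(-14)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
Write-Host "EventID 3002 occurrences (14 days) : $($events.Count)"
$events | Select-Object -First 5 TimeCreated, Message | Format-List
```

The script only reads state and prints it; remediation (installing KB5008223 or refreshing security intelligence) is left to the normal update channels named in the article, so it is safe to push through a configuration-management tool across many hosts to find the ones that still need attention.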
Later last month, Microsoft Defender for Endpoint also scared Windows admins with Emotet false positives, as it started blocking Office documents from being opened and some executables from launching, falsely tagging them as potentially bundling Emotet malware payloads.
While Microsoft didn’t reveal what triggered these false positives, the most likely reason was that the company increased the sensitivity for detecting Emotet-like behavior, making its generic behavioral detection engine too sensitive.
The change was probably prompted by the recent revival of the Emotet botnet from two weeks ago, when Emotet research group Cryptolaemus, GData, and Advanced Intel began seeing TrickBot deploying Emotet loaders on infected devices.
Since October 2020, Windows admins have dealt with similar false positive issues affecting Defender for Endpoint, including one that marked network devices infected with Cobalt Strike and another that tagged Chrome updates as PHP backdoors.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved