A Microsoft Defender for Endpoint attack surface reduction (ASR) rule tagged real app shortcuts in the Start Menu and taskbar as malicious. It’s fixed now, but the shortcuts won’t come back automatically.
On Friday afternoon, Microsoft wrote it’s fully deployed a fix for an issue in Windows that caused application shortcuts in the Start menu or taskbar to disappear. Multiple IT admins detailed the problem on Twitter and Reddit this morning, and Microsoft confirmed it was related to a recent update to the Microsoft Defender threat detections.
The problem is affecting businesses and organizations using Microsoft 365 and Defender for protection against malware, viruses, and other threats. In a note to customers, Microsoft said it received reports that a certain attack surface reduction (ASR) rule is causing the problems. Earlier in the day, IT admins tried to work around the issue by setting the “Block Win32 API calls from Office macro” rule to audit only.
Microsoft says it “reverted the rule to prevent further impact whilst we investigate further.”
However, it took hours for the fix to deploy before Microsoft announced it was fully rolled out at 4:46PM ET.
The bad news, now, is that the fix doesn’t restore the deleted shortcuts, as described in Microsoft’s issue details (the added emphasis is ours):
Next steps: This issue is resolved in security intelligence update build 1.381.2164.0. Installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts. You will need to recreate or restore these shortcuts through other methods.
“This has caused a bad day,” says one IT admin on Twitter, replying to Microsoft’s acknowledgment of the issue. “Happy Friday 13th!” joked another. IT admins have been scrambling to fix the problem and bring the shortcuts back, with many having to tell their Windows users to manually launch their apps from where they’re installed or by using Start > Run and the executable name.
Three IT admins currently experiencing the problem at their organizations confirmed to The Verge that all shortcuts disappeared — and not just ones to Microsoft applications.
Regular Windows users and consumers aren’t affected by this strange bug, and it will only affect managed machines inside organizations. That’s still hundreds or thousands of machines inside big businesses that rely on Microsoft’s threat detection security.
We’ve reached out to Microsoft to comment on the situation, and we’ll update you accordingly.
Update, January 13th, 8:20AM ET: Article updated with more information from Microsoft.
Update, January 13th, 5:43PM ET: Article updated to note the fix has rolled out.
Update, January 13th, 6:32PM ET: Article updated to note that the fix does not include restoration of deleted shortcuts, per Microsoft.