Buggy Windows patch breaks Microsoft Defender for Endpoint • The Register

An upset Microsoft engineer has had to reset the “Days since we last shot ourselves in the foot” counter at the company’s headquarters after a security update broke Microsoft Defender for Endpoint on Windows Server Core.

The problem started with patches released on November 9, KB5007205 and KB5007206. The latter also covers the LTSC editions of Windows 10, but as Microsoft pointed out, only devices with a Windows Server Core installation are affected. Microsoft Defender for Endpoint on Windows 10 therefore still behaves normally.

It seems that not even Microsoft’s latest and greatest is immune to the company’s inability to release patches that do not break anything. KB5007205 is for Windows Server 2022, and the subsequent preview patch released earlier this week, KB5007254, has the same issue.

That said, the preview patch fixes the Windows Installer issue that shattered Kaspersky’s products for some users (as did KB5007266 for Server 2019). However, the Defender for Endpoint issues remain.

As for how the problem manifests, Microsoft Defender for Endpoint can simply fail to start or run on affected systems (again, server only, not Windows 10). This is not ideal, as the point of the platform is to prevent, detect and respond to threats.

According to Microsoft, it uses technology built into its “robust cloud service”.

It is therefore unfortunate that its own quality processes appear somewhat less than robust, as the expanding list of known problems suggests.

There is still no solution to the problem or an estimated date of its arrival. Microsoft said, “We are working on a solution and will provide an update in an upcoming release,” so that’s fine.

The Register contacted Microsoft for more details, and the company said it “had nothing more to share at this time.” ®
