Skip links

Microsoft Defender for Endpoint laid low. Not by malware, but by another buggy Windows patch

A sad-faced Microsoft engineer has had to reset the “Days since we last shot ourselves in the foot” counter at the company’s HQ after a security update broke Microsoft Defender for Endpoint on Windows Server Core.

The issue started with patches emitted on 9 November, KB5007205 and KB5007206. The latter included the LTSC editions of Windows 10, however, as Microsoft pointed out, only devices with a Windows Server Core installation were affected. Microsoft Defender for Endpoint on Windows 10 will therefore still behave normally.

It appears that not even Microsoft’s latest and greatest is immune from the company’s inability to release patches that don’t break something or other. KB5007205 is for Windows Server 2022 and the subsequent preview patch emitted earlier this week, KB5007254, has the same problem.

That said, the preview patch fixes the Windows Installer problem that broke Kaspersky’s products for some users (as did KB5007266 for Server 2019. The Defender for Endpoint woes have, however, remained.

As far as how the issue manifests itself, Microsoft Defender for Endpoint might simply fail to start or run on affected systems (again, just Server, not Windows 10.) This is not ideal, since the point of the platform is to prevent, detect and respond to threats.

It uses, according to Microsoft, technology built into its “robust cloud service.”

Unfortunate, then, that its own quality processes appear somewhat less than robust, as the expanding known issues implies.

As yet, there is no fix for the problem nor estimated date for its arrival. Microsoft said: “We are working on a resolution and will provide an update in an upcoming release,” so that’s alright then.

The Register contacted Microsoft for more details, which said it had “nothing further to share at this time.” ®