Microsoft fixes bug blocking Defender for Endpoint on Windows Server
Microsoft has addressed a known issue that plagued Windows Server customers for weeks, preventing the Defender for Endpoint enterprise security platform from launching on some systems.
When it acknowledged the bug in November, Microsoft explained that the endpoint security solution (previously known as Microsoft Defender Advanced Threat Protection or Defender ATP) failed to start or run on devices running Windows Server Core installations.
The issue only impacts devices where customers installed Windows Server 2019 and Windows Server 2022 security updates issued during last month’s Patch Tuesday.
Microsoft addressed the bug with the release of KB5008223 this week as part of the December 2021 Patch Tuesday.
As Redmond revealed, KB5008223 “addresses a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation.”
You can install this cumulative update through Windows Update and Microsoft Update, Windows Update for Business, Windows Server Update Services (WSUS), and the Microsoft Update Catalog.
After Microsoft confirmed this Defender for Endpoint issue, BleepingComputer also spotted reports of Microsoft Defender Antivirus crashes with EventID 3002 notifications (MALWAREPROTECTION_RTP_FEATURE_FAILURE) and “Real-time protection encountered an error and failed” error codes.
They occurred after installing security intelligence updates between versions 1.353.1477.0 and 1.353.1486.0 and were fixed by Microsoft with the release of version 1.353.1502.0.
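To triage a server against the details above, the following PowerShell sketch (an added example, not from the article or from Microsoft) reports whether KB5008223 is present, the state of the Defender for Endpoint sensor, where the loaded security intelligence version falls relative to the versions quoted, and any recent Event ID 3002 entries. The service name `Sense`, the Defender operational log channel name, and the 30-day lookback window are assumptions not stated in the article.

```powershell
# Added example: KB and version numbers are the ones quoted in the article.
$FixKb       = 'KB5008223'
$BadSigFirst = [version]'1.353.1477.0'
$BadSigLast  = [version]'1.353.1486.0'
$FixedSig    = [version]'1.353.1502.0'
# Assumptions: log channel name, sensor service name, 30-day lookback.
$DefenderLog = 'Microsoft-Windows-Windows Defender/Operational'
$SenseName   = 'Sense'
$Since       = (Get-Date).AddDays(-30)

# 1. Cumulative update. A later cumulative update supersedes this one, so a
#    miss here means "check the OS build", not "definitely unpatched".
$hotfix = Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue

# 2. Defender for Endpoint sensor service.
$sense = Get-Service -Name $SenseName -ErrorAction SilentlyContinue

# 3. Security intelligence version loaded by Defender Antivirus.
$mp  = Get-MpComputerStatus -ErrorAction SilentlyContinue
$sig = if ($mp) { [version]$mp.AntivirusSignatureVersion } else { $null }
$sigState = if (-not $sig) { 'unknown' } elseif ($sig -ge $BadSigFirst -and $sig -le $BadSigLast) {
    'in affected range'
} elseif ($sig -ge $FixedSig) {
    'fixed version or later'
} else {
    'outside the range listed in the article'
}

# 4. Real-time protection failures (Event ID 3002) in the lookback window.
$rtpFailures = @(Get-WinEvent -FilterHashtable @{
    LogName = $DefenderLog; Id = 3002; StartTime = $Since
} -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    FixKbInstalled     = [bool]$hotfix
    SenseServiceStatus = if ($sense) { $sense.Status } else { 'not found' }
    SignatureVersion   = $sig
    SignatureState     = $sigState
    RealTimeProtection = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'unknown' }
    Event3002Count     = $rtpFailures.Count
    LastEvent3002      = ($rtpFailures | Select-Object -First 1).TimeCreated
}
```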
Later last month, Microsoft Defender for Endpoint also scared Windows admins with Emotet false positives, as it started blocking Office documents from being opened and some executables from launching, falsely tagging them as potentially bundling Emotet malware payloads.
While Microsoft didn’t reveal what triggered these false positives, the most likely reason was that the company increased the sensitivity for detecting Emotet-like behavior, making its generic behavioral detection engine too sensitive.
The change was probably prompted by the recent revival of the Emotet botnet from two weeks ago, when Emotet research group Cryptolaemus, GData, and Advanced Intel began seeing TrickBot deploying Emotet loaders on infected devices.
Since October 2020, Windows admins have dealt with similar false positive issues affecting Defender for Endpoint, including one that marked network devices as infected with Cobalt Strike and another that tagged Chrome updates as PHP backdoors.