ASRmageddon: What Happened and How We Responded

Image of sitting at the computer dealing with ASRmageddon

On January 13th, Microsoft deployed a new definitions update for Microsoft Defender. This caused an issue for some users, as Defender began to flag and delete shortcuts in the “C:\ProgramData\Microsoft\Windows\Start Menu\Programs” folder on devices with the Attack Surface Reduction (ASR) rule “Block Win32 API calls from Office macro” set to Block. The widespread nature of this…

Read More