Users are unable to utilize the Application shortcuts on the Start menu and taskbar due to the ASR rule Win32 API calls from Office macro

2023 01 13 13 53 09 Microsoft 365 Status @MSFT365Status Twitter and 2 more pages Work Micros

Issue / Fault definition

At around 10 AM today (13/1/2023), we noticed that our application icons had disappeared from our Start Menus, Taskbars and Desktops.

Initially, we suspected this may have been malicious code running on our devices deleting data. Shortly after running scans internally, we were made aware of an issue via Microsoft 365’s Twitter feed that there was a known issue.

The issues looks to be caused by Microsoft Defender, and the most recent update 1.381.2140.0


The current impact going on reports on Twitter and Reddit looks to be global. However, Microsoft reported, “Scope of impact: Impact is specific to some users who are served through the affected infrastructure.”

Microsoft, as of January 13, 2023, 1:06 PM

We’ve identified that a specific rule was resulting in impact. We’ve reverted the rule to prevent further impact whilst we investigate further.

Known/associated error messages

Win32 API calls from Office macro

Known Fixes / Solutions / Workarounds

Microsoft have released a script to recover shortcuts which can be found here.

The only current workaround is to change the ASR rule “Block Win32 API calls from Office macro” to Audit from Block.

Win32 API calls from Office macro 2

External Links

Found priceless insights in this blog? Support the author’s creativity – buy them a coffee!

Leave a Reply

Your email address will not be published. Required fields are marked *