Users are unable to utilize the Application shortcuts on the Start menu and taskbar due to the ASR rule Win32 API calls from Office macro
Issue / Fault definition
At around 10 AM today (13/1/2023), we noticed that our application icons had disappeared from our Start Menus, Taskbars and Desktops.
Initially, we suspected this may have been malicious code running on our devices deleting data. Shortly after running scans internally, we were made aware of an issue via Microsoft 365’s Twitter feed that there was a known issue.
The issues looks to be caused by Microsoft Defender, and the most recent update 1.381.2140.0
Impact
The current impact going on reports on Twitter and Reddit looks to be global. However, Microsoft reported, “Scope of impact: Impact is specific to some users who are served through the affected infrastructure.”
Microsoft, as of January 13, 2023, 1:06 PM
We’ve identified that a specific rule was resulting in impact. We’ve reverted the rule to prevent further impact whilst we investigate further.
Known/associated error messages
Known Fixes / Solutions / Workarounds
Microsoft have released a script to recover shortcuts which can be found here.
The only current workaround is to change the ASR rule “Block Win32 API calls from Office macro” to Audit from Block.
External Links
https://admin.microsoft.com/#/servicehealth/:/alerts/MO497128
