Here is more information about the big MDE incident of Friday 13.01.23. #ASRmageddon.
Management Summary: On Friday, January 13, 2023, some customers running Microsoft Defender for Endpoint (MDE) experienced “false-positive” detections by ASR (Attack Surface Reduction) rules in the context of Office macro blocks after a signature update. These detections led to the deletion of files (lnk, exe, etc.). The incorrect detection logic/signature was fixed in Security Intelligence version 1.381.2164.0 (and newer). With this updated version, the problem no longer occurs. For devices that were affect
There are now several good summaries of the general incident, the sequence of events, the best detection methods for (still) affected endpoints, and scripts for link recovery.
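
A check against the fixed Security Intelligence version named in the summary, as an added example that is not part of the original post. It compares versions numerically rather than as strings and treats missing values as unknown. The helper name `Test-SignatureFixed` is hypothetical, and the device names and version values in the sample inventory are constructed.

```powershell
# Fixed Security Intelligence version, taken from the summary above.
$FixedVersion = [version]'1.381.2164.0'

function Test-SignatureFixed {
    # Returns 'Fixed', 'Outdated' or 'Unknown' for one signature version string.
    param([string]$SignatureVersion)
    $parsed = $null
    # Compare as [version], not as strings: '1.381.999.0' sorts above
    # '1.381.2164.0' lexically although it is the older build.
    if (-not [version]::TryParse($SignatureVersion, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -ge $FixedVersion) { return 'Fixed' }
    return 'Outdated'
}

# Constructed sample inventory (hypothetical device names and versions).
$inventory = @(
    [pscustomobject]@{ Device = 'WS-001'; SignatureVersion = '1.381.2164.0' }
    [pscustomobject]@{ Device = 'WS-002'; SignatureVersion = '1.381.2140.0' }
    [pscustomobject]@{ Device = 'WS-003'; SignatureVersion = '1.381.999.0' }
    [pscustomobject]@{ Device = 'WS-004'; SignatureVersion = '1.383.12.0' }
    [pscustomobject]@{ Device = 'WS-005'; SignatureVersion = '' }
)

$inventory | Select-Object Device, SignatureVersion,
    @{ Name = 'Status'; Expression = { Test-SignatureFixed $_.SignatureVersion } } |
    Format-Table -AutoSize

# On a Windows endpoint with the Defender module, check the local device too.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $local = (Get-MpComputerStatus).AntivirusSignatureVersion
    '{0}: {1} ({2})' -f $env:COMPUTERNAME, $local, (Test-SignatureFixed $local)
}
```

Devices reported as `Outdated` or `Unknown` are the ones to follow up on before relying on the fix.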