Microsoft Defender for Endpoint Mislabels SQL Server Versions
Recent reports indicate that Microsoft Defender for Endpoint is erroneously flagging certain versions of SQL Server as having reached their end-of-life status, which is likely to cause significant disarray among system administrators.
This issue, detailed under advisory DZ1168079, is attributed to a coding bug affecting the Threat and Vulnerability Management feature within Microsoft Defender’s XDR suite.
Specifically, organizations utilizing SQL Server versions 2017 and 2019 are being misrepresented. Within the Microsoft Defender for Endpoint dashboard, administrators may observe an erroneous “End-Of-Support” (EOS) label attached to these software iterations.
Microsoft has stated that although the EOS designation is incorrect, the accompanying vulnerability alerts are valid and necessitate attention.
This erroneous labeling creates a perplexing dilemma, compelling administrators to address genuine security warnings while simultaneously disregarding the misleading end-of-life declarations.
The repercussions of this mistake are far-reaching, potentially impacting any environment employing these prevalent SQL Server versions with Defender for Endpoint for security management.
As a result, teams may experience task misprioritization, mistakenly believing that imminent software upgrades are essential.
Root Cause and Initial Response
Microsoft has attributed the malfunction to a recent modification concerning End-Of-Support software detection that inadvertently introduced a coding flaw.
The issue began to affect services on Wednesday, October 8, 2025, although the timeline indicates that the complications commenced earlier, on Monday, September 29, 2025. Initially, the company announced that users might encounter false positive vulnerability alerts.
Upon further scrutiny, it was revealed that while the vulnerability reports were indeed correct, the EOS designations were wrongly affixed.
In response to this predicament, Microsoft has crafted a remedy aimed at rectifying the erroneous code and has initiated deployment to its testing landscape for validation prior to a broader application.
Despite these preliminary remediation measures, the issue remains unresolved. On Thursday, October 9, Microsoft confirmed that the inaccurate end-of-life labels persist for certain users, suggesting that the initial solution fell short of its intended outcome.
The company’s engineers are now exploring additional strategies to ensure that the fix is properly administered and effective across all affected users.
The service status currently indicates “serviceDegradation,” and Microsoft has pledged to deliver an update regarding the situation by Sunday, October 12, 2025.
In the interim, administrators are advised to recognize the authenticity of the vulnerability alerts related to SQL Server 2017 and 2019, while disregarding the misleading end-of-life notifications.
Source link: Cybersecuritynews.com.
