Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft Defender for Endpoint fix for false SQL Server end-of-life tagging

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft is correcting a Defender for Endpoint issue that incorrectly marked SQL Server 2017 and SQL Server 2019 as end-of-life, creating inaccurate Threat and Vulnerability Management results for enterprise customers. The bug affected Microsoft Defender XDR users and had been present since at least Wednesday morning. Microsoft says it has deployed a fix and is continuing rollout after identifying a code issue introduced by a recent change. The problem matters because false end-of-support flags can drive unnecessary remediation work and distort exposure tracking.

Related Happenings

Microsoft Windows 11 KB5089549 cumulative update

Security Patch Release
First: 18.05.2026 11:33 Last: 18.05.2026 11:33 Sources 1

About this happening: Microsoft's **KB5089549** **Windows 11** security update is failing to install on some systems, forcing affected devices to roll back during reboot. The problem is tied to a nearl...

Open Happening

Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Open Happening

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Open Happening

Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)

Vulnerability
First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft patched **CVE-2026-41096**, a **heap-based buffer overflow** in **Windows DNS** that could let an unauthorized attacker execute code remotely on vulnerable Windows syste...

Open Happening

Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store

Security Tool/Service
First: 03.05.2026 21:11 Last: 03.05.2026 21:11 Sources 1

About this happening: **Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...

Open Happening

Timeline

  1. 09.10.2025 21:09 1 articles · 7mo ago

    Microsoft Defender XDR customers see false SQL Server end-of-life tagging

    Victim Impact Update

    Microsoft Defender for Endpoint incorrectly tagged SQL Server 2017 and SQL Server 2019 as end-of-life, and Microsoft Defender XDR customers with those versions installed began seeing inaccurate Threat and Vulnerability Management tagging that misrepresented supported software as no longer supported.

    Show sources
    Open in new tab
  2. 09.10.2025 21:09 2 articles · 7mo ago

    Microsoft deploys fix for false SQL Server end-of-life tagging

    Mitigation Patch Update

    Microsoft said it had already deployed a fix for the Defender for Endpoint code issue introduced by a recent change to end-of-support software and continued rolling out the reversal of the offending change for SQL Server 2017 and SQL Server 2019.

    Show sources
    Open in new tab