New woe for admins as Cumulative Update KB5007205 breaks Defender for Endpoint

On the 9th November 2021, Microsoft released Cumulative Update KB5007205 for Windows Server 2022, an important security update which also brought some quality improvements.

The changelog notes:

• Addresses an issue in which certain apps might have unexpected results when rendering some user interface elements or when drawing within the app. You might encounter this issue with apps that use GDI+ and set a zero (0) width pen object on displays with high dots per inch (DPI) or resolution, or if the app is using scaling.

Unfortunately for admins the update also comes with a number of know issues, one of which is also security-related.

Microsoft notes that after installing KB5007205, admins may find that Microsoft Defender for Endpoint might fail to start or run on devices with a Windows Server Core installation.

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Fortunately, the desktop client, Microsoft Defender for Endpoint on Windows 10, is unaffected.

Microsoft says they are working on a resolution and will provide an update in an upcoming release.

Keep an eye on KB5007205’s support page here for updates.

via BetaNews