Microsoft security software identifies Office as… ransomware

Microsoft’s development team recently made a relatively disastrous mistake, when its Defender security software identified a component of the Office suite of office applications developed by Microsoft itself as… code poison.

Specifically, after the most recent update, Microsoft’s Defender for Endpoint tool identified OfficeSvcMgr.exe, an Office process, as malware. Microsoft’s security software says the process is ransomware, which is shown by trying to delete user-created backups.

Not long after a few users asked questions on Reddit, a Microsoft representative released an official response. Steve Scholz, security technical expert at Microsoft, confirmed this was a situation of misidentification.

“As of the morning of March 16, customers may experience misidentifications related to ransomware behavior. Microsoft has investigated the spike in these findings and determined that these are incorrect identifiers. Microsoft has updated the data information to prevent this from happening again.”, Microsoft representative said.

It is known that the cause of this problem comes from a recent change in the Defender for Endpoint software.

“Our investigation revealed that a recent update regarding the ransomware detection feature had an error, causing it to warn of malicious code even when there was no problem. We immediately fixed the issue.”

https://genk.vn/phan-mem-bao-mat-cua-microsoft-nhan-dien-office-la-ma-doc-tong-tien-20220318001954017.chn