Endpoint Security Platform (formerly known as Microsoft Defender Advanced Threat Protection or Defender ATP) may not launch on devices with Windows Server Core installed. The issue is known to only affect devices with KB5007206 on Windows Server 2019 and KB5007205 on Windows Server 2022.
“After installing KB5007205 (or later updates), Microsoft Defender for Endpoint may not start on devices with Windows Server Core installed,” the company reported. It is [...]
The behavior of the ZLoader Trojan was investigated by SentinelOne specialists, who published a detailed report on it.
“Whilst analyzing anomalies in SentinelOne’s threat telemetry, we identified a new ZLoader botnet recently set up which implements a novel delivery mechanism with a stealthy infection chain. ZLoader operators deployed undetected droppers and disabled security solutions to lower the chances of detection,” SentinelOne researchers say. The attackers also changed the vector of malware propagation from spam [...]