Microsoft Defender for Endpoint is incorrectly flagging particular variations of SQL Server as having reached their end-of-life, inflicting potential confusion for system directors.
The problem, tracked underneath advisory DZ1168079, stems from a code bug and impacts the Menace and Vulnerability Administration characteristic throughout the Microsoft Defender XDR suite.
The bug impacts explicitly organizations working SQL Server 2017 and 2019. Inside the Microsoft Defender for Endpoint portal, directors may even see an “Finish-Of-Assist” (EOS) tag incorrectly utilized to those software program variations.
Microsoft has clarified that whereas the EOS tag is misguided, the related vulnerability suggestions are official and may nonetheless be addressed.
This mislabeling creates a complicated scenario the place directors should act on legitimate safety alerts whereas ignoring the inaccurate end-of-life standing.
The scope of the affect is important, because it may have an effect on any setting utilizing these extensively deployed SQL Server variations with Defender for Endpoint for safety administration.
This will result in misprioritization of duties as groups might mistakenly imagine they should carry out pressing software program upgrades.
Root Trigger And Preliminary Response
In accordance with Microsoft, the issue originated from a latest change associated to Finish-Of-Assist software program detection that launched a code concern.
The service degradation formally started on Wednesday, October 8, 2025, though Microsoft’s incident timeline traces the beginning of the affect again to Monday, September 29, 2025. Initially, the corporate reported that customers is likely to be seeing false optimistic vulnerability suggestions.
Nevertheless, after additional investigation, it was decided that the vulnerability studies have been correct, however the EOS tags have been being incorrectly utilized.
In response, Microsoft developed a repair supposed to appropriate the defective code and commenced deploying it to its take a look at setting for validation earlier than a wider rollout.
Regardless of the preliminary remediation efforts, the issue persists. Microsoft confirmed on Thursday, October 9, that after deploying the repair, the wrong end-of-life tagging was nonetheless occurring for some customers.
This means that the primary tried answer was not fully efficient. The corporate’s engineers at the moment are investigating what extra actions are obligatory to make sure the repair is utilized accurately and resolves the problem for all affected prospects.
The service standing stays at “serviceDegradation,” and Microsoft has dedicated to offering its subsequent replace on the scenario by Sunday, October 12, 2025.
Within the meantime, directors are suggested to acknowledge the legitimacy of the vulnerability alerts for SQL Server 2017 and 2019 however disregard the inaccurate end-of-life notifications.
Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.
