The attempt by Microsoft to fix a known problem that leads to the wrong end-of-life tag for SQL Server software in its Defender for Endpoint enterprise endpoint protection platform.
Customers of Microsoft Defender XDR running SQL Server 2017 and 2019 have been affected by this flaw since at least Wednesday AM, according a service alert that BleepingComputer was able to view.
Defender indicated that the program was no longer maintained, but SQL Server 2019 would continue to be supported until January 2030, and SQL Server 2017 will no longer have extended support until October 2027, which is two years from now.
The bug has already been fixed by the corporation, which also stated that a recent update to end-of-support software created a code problem that is the main reason.
The Threat and Vulnerability Management may display incorrect tagging for users who have SQL Server 2019 and 2017 installed. Nearly 24 hours after the problem was verified, Microsoft announced on Thursday morning that users can see incorrect end-of-life tagging for SQL Server under Microsoft Defender for Endpoint management.
“We’re continuing to deploy a fix that’s designed to reverse the offending change that introduced the code issue and will provide a timeline for its completion as one becomes available.”
While acknowledging that this problem can impact “all users that have SQL Server 2017 and 2019 installed,” Microsoft has not yet elaborated on the scope of the problem.
Nonetheless, this continuous issue has been classified as an advisory, which is a term frequently used to characterise a service issue that usually has a localised scope or impact.
Defender for Endpoint mistakenly marked the BIOS firmware on some Dell systems as obsolete, urging customers to update it. The business fixed another flaw last week.
Blackscreen crashes that occurred when multiple security providers listened to events and were caused by a stalemate in the Apple corporate security framework have also been resolved by Microsoft experts for macOS devices updated after September 29.
An anti-spam service was incorrectly blocking Exchange Online and Microsoft Teams users from opening URLs and quarantining emails due to another false positive, which Redmond resolved in early September.
From the root cause analysis, Microsoft claims that the issue started with a recent modification to End-Of-Support software detection that resulted in a coding flaw.
Although Microsoft’s incident timeline dates the impact’s beginning to Monday, September 29, 2025, the service degradation officially started on Wednesday, October 8, 2025. The company first stated that consumers may be receiving suggestions for vulnerabilities that are falsely positive.
The vulnerability reports were legitimate, but the EOS tags were being applied erroneously, according to additional research.
Microsoft created a patch to address the flawed code in response, and before a broader distribution, it started distributing it to its test environment for verification.
The issue still exists in spite of the initial attempts at repair. After implementing the update, Microsoft acknowledged on Thursday, October 9, that some users were still seeing incorrect end-of-life marking.
This suggests that the initial attempt at a solution was in part unsuccessful. Engineers from the company are currently looking into what more needs to be done to guarantee that the repair is implemented correctly and fixes the problem for all impacted clients.
“ServiceDegradation” is still the service status, and Microsoft has promised to provide its next upgrade by Sunday, October 12, 2025.
Meanwhile, administrators are encouraged to accept the validity of the SQL Server 2017 and 2019 vulnerability alerts, but ignore the false end-of-life signals.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
