The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem.
This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update generated a flood of false notifications warning of possible breaches, to the annoyance of SOCs that had to chase down false alarms.
False reports in Microsoft Defender for Endpoint tool
The notifications, which are reported to occur primarily on Windows Server 2016 systems, indicate possible sensor breaches in system memory and flag OpenHandleCollector.exe as a dangerous process.
According to Microsoft, the alerts are false positives; the company said it understands the frustration of security teams who spent time investigating an incident that never happened.
This afternoon, Microsoft published an update stating that the issue had been resolved. Aside from the incident described above, no significant problems have been reported following the Log4j security update for Microsoft 365 Defender.