TITLE: Microsoft Defender Issues False SQL Server End-of-Life Warning
Microsoft Defender Flags Supported SQL Server Versions Incorrectly
Microsoft is addressing a significant issue in its Defender for Endpoint security platform that mistakenly identified supported versions of SQL Server as having reached their end-of-life. The problem, which affects Defender XDR users running SQL Server 2017 and 2019, highlights ongoing reliability challenges in enterprise security tools.
Inaccurate End-of-Life Tagging Details
The system incorrectly tagged both SQL Server 2017 and 2019 as unsupported, despite their actual support timelines. SQL Server 2017 remains supported until October 2027, while SQL Server 2019 continues to receive support until January 2030. Microsoft attributed the error to what it described as “a code issue introduced by a recent change to end-of-support software.”
In its service alert, Microsoft explained that users may see inaccurate tagging within Threat and Vulnerability Management components. The company specifically noted that “Users with SQL Server 2019 and 2017 installed may see inaccurate tagging within Threat and Vulnerability Management. Users may experience inaccurate end-of-life tagging for SQL Server within Microsoft Defender for Endpoint management.”
Resolution Timeline and Recent History
Microsoft confirmed it’s actively deploying a fix designed to reverse the problematic code change. The company stated, “We’re continuing to deploy a fix that’s designed to reverse the offending change that introduced the code issue and will provide a timeline for its completion as one becomes available.”
This SQL Server tagging error follows several other Defender-related issues in recent weeks, as detailed in the original coverage. Previous problems included incorrect BIOS firmware flagging on Dell devices and black-screen crashes affecting macOS systems. Microsoft also recently resolved false positives that caused its anti-spam service to quarantine messages and block links for Exchange Online and Teams users.
Impact Assessment and Advisory Status
Microsoft acknowledged that the problem could potentially affect all users running SQL Server 2017 and 2019, though the company hasn’t specified how many systems might have been impacted. The incident has been classified as an advisory, suggesting limited disruption to users.
This incident serves as an important reminder for organizations to verify security alerts and maintain awareness of actual software support timelines, particularly when automated systems generate unexpected warnings about critical infrastructure components.
