
Microsoft Defender Incorrectly Flags SQL Server Software as End-of-life

Microsoft Defender for Endpoint is incorrectly flagging specific versions of SQL Server as having reached their end-of-life, causing potential confusion for system administrators.

The issue, tracked under advisory DZ1168079, stems from a code bug and affects the Threat and Vulnerability Management feature within the Microsoft Defender XDR suite.

The bug specifically affects organizations running SQL Server 2017 and 2019. Within the Microsoft Defender for Endpoint portal, administrators may see an “End-Of-Support” (EOS) tag incorrectly applied to these software versions.

Microsoft has clarified that while the EOS tag is erroneous, the associated vulnerability recommendations are legitimate and should still be addressed.

This mislabeling creates a confusing situation where administrators must act on valid security alerts while ignoring the incorrect end-of-life status.

The scope of the impact is significant, as it could affect any environment using these widely deployed SQL Server versions with Defender for Endpoint for security management.

This can lead to misprioritization of tasks as teams may mistakenly believe they need to perform urgent software upgrades.

Root Cause And Initial Response

According to Microsoft, the problem originated from a recent change related to End-Of-Support software detection that introduced a code issue.

The service degradation officially began on Wednesday, October 8, 2025, although Microsoft’s incident timeline traces the start of the impact back to Monday, September 29, 2025. Initially, the company reported that users might be seeing false positive vulnerability recommendations.

However, after further investigation, it was determined that the vulnerability reports were accurate, but the EOS tags were being incorrectly applied.

In response, Microsoft developed a fix intended to correct the faulty code and began deploying it to its test environment for validation before a wider rollout.

Despite the initial remediation efforts, the problem persists. Microsoft confirmed on Thursday, October 9, that after deploying the fix, the inaccurate end-of-life tagging was still occurring for some users.

This indicates that the first attempted solution was not entirely effective. The company’s engineers are now investigating what additional actions are necessary to ensure the fix is applied correctly and resolves the issue for all affected customers.

The service status remains at “serviceDegradation,” and Microsoft has committed to providing its next update on the situation by Sunday, October 12, 2025.

In the meantime, administrators are advised to acknowledge the legitimacy of the vulnerability alerts for SQL Server 2017 and 2019 but disregard the incorrect end-of-life notifications.


Guru Baran
