Microsoft Defender Bug Causes False BIOS Update Alerts

Microsoft Defender Bug Causes False BIOS Update Warnings: Here’s What You Need to Know

Have you recently been greeted by a concerning alert from Microsoft Defender warning about a “potential network threat” and instructing you to apply a critical BIOS update? If so, take a deep breath. Your system is likely not under attack. A recent bug in Microsoft Defender is causing a wave of false positive alerts, leaving users and IT administrators concerned about a non-existent threat.

This guide will break down what’s happening, why you’re seeing this alert, and the simple steps you can take to resolve it.

Understanding the False Positive Alert

System administrators and everyday users began reporting a strange and persistent warning from Microsoft’s security software. The alert, flagged under the threat name “UEFI/Lobi,” would appear in the Microsoft Defender for Endpoint portal and on local machines, stating that a threat was found and that a firmware update was required to fix it.

The core of the issue stems from a faulty security intelligence update. Specifically, Microsoft Defender security intelligence version 1.381.2140.0 was incorrectly identifying a legitimate system behavior as a threat. This misidentification triggered the widespread false alarm, causing confusion and unnecessary concern.

The key takeaways are:

  • The alert is a false positive caused by a bug in a specific Defender update.
  • Your device is not actually infected with the Lobi Trojan or any related malware.
  • The link provided in the alert for a “BIOS update” is often non-functional or misleading, as there is no real update to apply for this issue.

Is the “UEFI/Lobi” Threat Real?

While this specific alert is a false positive, the threat it references is very real, which is why the bug caused such alarm. The Lobi Trojan is a sophisticated type of malware known as a UEFI bootkit. A bootkit infects the core firmware of a computer (the UEFI or BIOS), allowing it to load before the operating system even starts. This makes it incredibly difficult to detect and remove with traditional antivirus software.

However, it is crucial to understand that the recent wave of alerts is not an indication of a widespread Lobi Trojan infection. It is simply Microsoft Defender’s protection engine misfiring due to a flawed definition file.

What to Do If You See the BIOS Alert

Microsoft has already acknowledged the issue and released an update to correct the false positive. If you are still seeing this alert, here are the actionable steps you should take.

  1. Do Not Panic or Download Unknown Files: Your first instinct might be to find and install a BIOS update. Resist this urge. Never download firmware or BIOS updates from unverified, third-party websites. Only source these critical updates directly from your computer or motherboard manufacturer’s official website. In this case, no update is necessary.

  2. Verify Your Defender Security Intelligence Version: You can check which version of Defender’s security definitions you are running. The bug was present in version 1.381.2140.0. If you have this version, the alert is almost certainly a false positive.

  3. Update Microsoft Defender Immediately: The solution is to update to a newer security intelligence version. Microsoft has pushed the fix in version 1.381.2164.0 and later. Your system will likely update automatically, but you can trigger a manual update through Windows Update or the Windows Security app to ensure you get the fix as quickly as possible.

  4. Manually Clear the Alert: Even after updating, the old warning may persist in your security dashboard until the next scan. You can safely dismiss or clear the “UEFI/Lobi” alert from your protection history, knowing that it was a false alarm.
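Steps 2 through 4 can be scripted. The following PowerShell is an added example, not code from the original article or from Microsoft. It uses the Defender module's Get-MpComputerStatus, Update-MpSignature and Get-MpThreat cmdlets with the two version numbers quoted above. That the recorded threat name contains the string "Lobi" is an assumption based on the alert name the article gives.

```powershell
# Added example: compare the local Defender security intelligence version
# with the versions named in the article, update if needed, then list any
# recorded "Lobi" detections for review. Run in an elevated PowerShell session.

$BuggyVersion = [version]'1.381.2140.0'   # version the article ties to the false alert
$FixedVersion = [version]'1.381.2164.0'   # first version the article says carries the fix

function Get-SignatureVersion {
    # AntivirusSignatureVersion is a dotted string, so cast it for numeric comparison
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

function Get-SignatureState {
    param([version]$Current)
    if ($Current -eq $BuggyVersion) { return 'Buggy' }
    if ($Current -lt $FixedVersion) { return 'OlderThanFix' }
    return 'Fixed'
}

# Step 2: verify the installed security intelligence version
$current = Get-SignatureVersion
$state   = Get-SignatureState -Current $current
Write-Output "Security intelligence version: $current ($state)"

# Step 3: pull the latest security intelligence, then re-check
if ($state -ne 'Fixed') {
    Update-MpSignature
    $current = Get-SignatureVersion
    $state   = Get-SignatureState -Current $current
    Write-Output "After update: $current ($state)"
}

# Step 4: show recorded threats that match the alert name, so they can be
# reviewed and dismissed from protection history.
# Assumption: the ThreatName value contains "Lobi".
Get-MpThreat |
    Where-Object { $_.ThreatName -like '*Lobi*' } |
    Select-Object ThreatID, ThreatName, IsActive, DidThreatExecute
```

The script only reports matching entries; clearing them is still done from protection history as described in step 4.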

By staying informed and following these simple steps, you can confidently resolve this issue and ensure your system’s security reporting is accurate. While this incident was a false alarm, it serves as a valuable reminder to always source security fixes and system updates from trusted, official channels.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-bug-triggers-erroneous-bios-update-alerts/
