ts-2023-007
Vulnerability from tailscale

Description: Microsoft Defender is flagging Tailscale 1.46.1 as malware. These classifications are false positives, and we are working with Microsoft to resolve the situation.

As of 2023-10-27 1:05 AM UTC, we have confirmed that Microsoft have addressed the false positive, meaning Defender no longer flags Tailscale 1.46.1 as malware. A rescan of tailscaled.exe 1.46.1 on VirusTotal confirms this.

What happened?

Microsoft Defender was flagging Tailscale 1.46.1 as malware. This caused Defender to quarantine the binaries, meaning they could not run.

We submitted Tailscale 1.46.1 to Microsoft to investigate the false positive, who then updated Defender to avoid flagging this release as malware at 2023-10-27 1:05 AM UTC.

Who is affected?

People using Defender and Tailscale 1.46.1.

What is the impact?

Tailscale will not run on affected machines.

What do I need to do?

To resolve this issue on your own tailnet, you can take either or both of 2 approaches:

  1. Update to a newer version of Tailscale. Newer versions are not affected by this problem.
  2. Create an exception in Microsoft Defender. Microsoft has published instructions explaining how to do this.
  3. Update Microsoft Defender.

Show details on source website

To clipboard 

{
  "guidislink": false,
  "id": "https://tailscale.com/security-bulletins/#ts-2023-007",
  "link": "https://tailscale.com/security-bulletins/#ts-2023-007",
  "links": [
    {
      "href": "https://tailscale.com/security-bulletins/#ts-2023-007",
      "rel": "alternate",
      "type": "text/html"
    }
  ],
  "published": "Thu, 26 Oct 2023 00:00:00 GMT",
  "summary": "\u003cp\u003e\u003cstrong\u003e\u003cem\u003eDescription\u003c/em\u003e\u003c/strong\u003e: Microsoft Defender is flagging Tailscale 1.46.1 as malware.\nThese classifications are false positives, and we are working with Microsoft to\nresolve the situation.\u003c/p\u003e\n\u003cp\u003eAs of 2023-10-27 1:05 AM UTC, we have confirmed that Microsoft have addressed\nthe false positive, meaning Defender no longer flags Tailscale 1.46.1 as\nmalware. A rescan of \u003ca href=\"https://www.virustotal.com/gui/file/cfbf0c7ef964198e39f9cc97350626673468d311b8626c6b9bef6c95e40e569b\"\u003etailscaled.exe 1.46.1 on VirusTotal\u003c/a\u003e confirms this.\u003c/p\u003e\n\u003ch5\u003eWhat happened?\u003c/h5\u003e\n\u003cp\u003eMicrosoft Defender was flagging Tailscale 1.46.1 as malware. This caused\nDefender to quarantine the binaries, meaning they could not run.\u003c/p\u003e\n\u003cp\u003eWe submitted Tailscale 1.46.1 to Microsoft to investigate the false positive,\nwho then updated Defender to avoid flagging this release as malware at\n2023-10-27 1:05 AM UTC.\u003c/p\u003e\n\u003ch5\u003eWho is affected?\u003c/h5\u003e\n\u003cp\u003ePeople using Defender and Tailscale 1.46.1.\u003c/p\u003e\n\u003ch5\u003eWhat is the impact?\u003c/h5\u003e\n\u003cp\u003eTailscale will not run on affected machines.\u003c/p\u003e\n\u003ch5\u003eWhat do I need to do?\u003c/h5\u003e\n\u003cp\u003eTo resolve this issue on your own tailnet, you can take either or both of 2\napproaches:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eUpdate to a newer version of Tailscale. Newer versions are not affected by this problem.\u003c/li\u003e\n\u003cli\u003eCreate an exception in Microsoft Defender. Microsoft has published \u003ca href=\"https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26\"\u003einstructions explaining how to do this\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate Microsoft Defender.\u003c/li\u003e\n\u003c/ol\u003e",
  "summary_detail": {
    "base": "https://tailscale.com/security-bulletins/index.xml",
    "language": null,
    "type": "text/html",
    "value": "\u003cp\u003e\u003cstrong\u003e\u003cem\u003eDescription\u003c/em\u003e\u003c/strong\u003e: Microsoft Defender is flagging Tailscale 1.46.1 as malware.\nThese classifications are false positives, and we are working with Microsoft to\nresolve the situation.\u003c/p\u003e\n\u003cp\u003eAs of 2023-10-27 1:05 AM UTC, we have confirmed that Microsoft have addressed\nthe false positive, meaning Defender no longer flags Tailscale 1.46.1 as\nmalware. A rescan of \u003ca href=\"https://www.virustotal.com/gui/file/cfbf0c7ef964198e39f9cc97350626673468d311b8626c6b9bef6c95e40e569b\"\u003etailscaled.exe 1.46.1 on VirusTotal\u003c/a\u003e confirms this.\u003c/p\u003e\n\u003ch5\u003eWhat happened?\u003c/h5\u003e\n\u003cp\u003eMicrosoft Defender was flagging Tailscale 1.46.1 as malware. This caused\nDefender to quarantine the binaries, meaning they could not run.\u003c/p\u003e\n\u003cp\u003eWe submitted Tailscale 1.46.1 to Microsoft to investigate the false positive,\nwho then updated Defender to avoid flagging this release as malware at\n2023-10-27 1:05 AM UTC.\u003c/p\u003e\n\u003ch5\u003eWho is affected?\u003c/h5\u003e\n\u003cp\u003ePeople using Defender and Tailscale 1.46.1.\u003c/p\u003e\n\u003ch5\u003eWhat is the impact?\u003c/h5\u003e\n\u003cp\u003eTailscale will not run on affected machines.\u003c/p\u003e\n\u003ch5\u003eWhat do I need to do?\u003c/h5\u003e\n\u003cp\u003eTo resolve this issue on your own tailnet, you can take either or both of 2\napproaches:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eUpdate to a newer version of Tailscale. Newer versions are not affected by this problem.\u003c/li\u003e\n\u003cli\u003eCreate an exception in Microsoft Defender. Microsoft has published \u003ca href=\"https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26\"\u003einstructions explaining how to do this\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate Microsoft Defender.\u003c/li\u003e\n\u003c/ol\u003e"
  },
  "title": "TS-2023-007",
  "title_detail": {
    "base": "https://tailscale.com/security-bulletins/index.xml",
    "language": null,
    "type": "text/plain",
    "value": "TS-2023-007"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.