MicrosoftI've just run the following code to find all the .lnk files affected.
DeviceEvents
| where Timestamp > datetime(2023-01-13)
| where ActionType contains "AsrOfficeMacroWin32ApiCallsBlocked"
| where FileName contains ".lnk"
| extend JSON = parse_json(AdditionalFields)
| extend isAudit = tostring(JSON.IsAudit)
| where isAudit == "false"
| summarize by Timestamp, DeviceId, FileName, FolderPath, ActionType, AdditionalFields, isAudit
| sort by Timestamp asc
This isn't just impacting the Start Menu (C:\ProgramData\Microsoft\Windows\Start Menu\Programs). What about recovering all of the User's pinned taskbar links (C:\Users\<username>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar) and their Quick Access links (C:\Users\<username>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch)?!
I suspect that these links have been lost indefinitely and us administrators are going to have to recover the Start Menu, and the users are going to have to repin every Task bar and Quick Launch shortcut manually.
Who on earth released that update without checking the impact! There are thousands of administrators across the globe now having to repair their environments which is causing a major impact on productivity.
I've always been avid user of your various cloud solutions, but this error is appauling Microsoft!