Microsoft fixes Defender false alerts on DigiCert certificates
Updated · linkedin · May 4
The problem followed an April 30 signature update that labelled trusted root certificates Trojan:Win32/Cerdigent.A!dha and sometimes removed them from Windows trust stores.
Microsoft said Security Intelligence versions 1.449.430.0 and 1.449.431.0 stop the false detections, and users reported the updates also restored deleted certificates automatically.
The incident disrupted secure connections and software validation, prompting some reinstalls, and came amid scrutiny after DigiCert disclosed a separate April breach involving 60 revoked code-signing certificates.
April 2026 DigiCert Breach and Microsoft Defender False Positive Trigger Widespread Trust Chain Disruption
Overview
On April 30, 2026, a Microsoft Defender update mistakenly flagged two essential DigiCert root certificates as malware, leading to their automatic quarantine and removal from affected systems. This caused widespread SSL/TLS validation failures, browser warnings, and application crashes worldwide. The false positive stemmed from aggressive detection logic developed in response to a recent DigiCert breach, where attackers used social engineering and a misconfigured security agent to steal certificate codes and fraudulently sign malware. Microsoft quickly released fixes on May 1-2, restoring certificates automatically for most systems, while administrators manually restored others. The incident exposed risks in automated threat responses and highlighted the need for stronger safeguards around critical security infrastructure.
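A host-level triage for the incident described above, as an added example that is not from Microsoft or the reporting summarised here. It compares the installed Security Intelligence version with the first fixed version named on this page, looks for the named detection in Defender's history, and lists the DigiCert roots currently in the store. It assumes the affected store is `Cert:\LocalMachine\Root` and that matching "DigiCert" in the subject is enough to find the roots, since the page names neither the store nor the two certificates.

```powershell
# Added example: triage one Windows host for the false positive described above.
# Assumptions (not from the page): the affected store is Cert:\LocalMachine\Root,
# and DigiCert roots are recognised by "DigiCert" in the certificate subject.
$fixedVersion = [version]'1.449.430.0'          # first fixed version named on the page
$threatName   = 'Trojan:Win32/Cerdigent.A!dha'  # detection name named on the page

# 1. Is the installed Security Intelligence at or above the first fixed version?
$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
$patched = $current -ge $fixedVersion

# 2. Did Defender ever raise the false detection on this host?
$threatIds = @(Get-MpThreat | Where-Object ThreatName -eq $threatName |
               Select-Object -ExpandProperty ThreatID)
$hits = @(Get-MpThreatDetection | Where-Object { $_.ThreatID -in $threatIds })

# 3. Which DigiCert roots are present in the machine root store right now?
$roots = @(Get-ChildItem Cert:\LocalMachine\Root |
           Where-Object Subject -like '*DigiCert*')

# One summary row per host, suitable for collecting across a fleet.
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    SignatureVersion     = $current
    AtOrAboveFixed       = $patched
    FalseDetections      = $hits.Count
    LastDetection        = ($hits | Sort-Object InitialDetectionTime |
                            Select-Object -Last 1).InitialDetectionTime
    DigiCertRootsInStore = $roots.Count
}

# List what is present so it can be compared with a known-good machine.
$roots | Sort-Object Subject | Format-Table Subject, Thumbprint, NotAfter -AutoSize

# Pull current Security Intelligence if the host is still below the fixed version.
if (-not $patched) {
    Update-MpSignature
}
```

A host that shows detections but fewer DigiCert roots than a known-good machine after updating is a candidate for the manual restoration the overview mentions.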