Microsoft Defender began incorrectly flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha following a signature update on April 30th. The false positives caused widespread alerts and, on some systems, Defender removed the certificates from the Windows trust store, which breaks validation of anything that chains to those roots and prompted some users to reinstall Windows. Microsoft has since released a fix in Security Intelligence update 1.449.430.0 that also restores the removed certificates.

The incident may be connected to a recent DigiCert security breach in which attackers compromised a support team member, obtained EV code-signing initialization codes, and used them to sign malware. That activity included a campaign attributed to the Chinese threat group GoldenEyeDog, which used certificates fraudulently issued in the names of companies such as Lenovo and Kingston. DigiCert revoked 60 certificates, 27 of them linked to the 'Zhong Stealer' malware campaign. The link remains unconfirmed, however: the root certificates flagged by Defender do not match the revoked code-signing certificates, and revoking leaf certificates would not in any case require distrusting the roots above them.
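A practical follow-up on an affected Windows host is to confirm the Security Intelligence version is at or past the fix, look for any recorded Cerdigent detections, and list which DigiCert roots are still present in the machine trust store. The script below is an added example written for this page; it is not from the article or from Microsoft. It assumes a Windows host with the Microsoft Defender PowerShell module (Get-MpComputerStatus, Get-MpThreat, Update-MpSignature) and an elevated session for the signature update.

```powershell
# Added check (not from the article). Assumes the Defender PowerShell
# module is available and the session is elevated for Update-MpSignature.

# Security Intelligence version that, per the article, fixes the
# Cerdigent false positive and restores removed certificates.
$fixedVersion = [version]'1.449.430.0'

$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
Write-Host "Installed Security Intelligence: $installed"

if ($installed -lt $fixedVersion) {
    Write-Warning "Older than $fixedVersion; pulling the latest signatures."
    Update-MpSignature
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Host "Now at: $installed"
}

# Any Cerdigent detections recorded on this machine? Resources lists the
# items Defender acted on, which is where removed certificates would show.
$cerdigent = Get-MpThreat | Where-Object { $_.ThreatName -like '*Cerdigent*' }
if ($cerdigent) {
    $cerdigent | Select-Object ThreatName, SeverityID, IsActive, Resources | Format-List
} else {
    Write-Host "No Cerdigent detections recorded."
}

# DigiCert roots currently in the machine trust store. Compare this list
# with a known-good host: a root missing here but present there is the
# symptom the article describes.
$digicertRoots = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*DigiCert*' } |
    Select-Object Subject, Thumbprint, NotAfter |
    Sort-Object Subject
$digicertRoots | Format-Table -AutoSize
Write-Host "$(@($digicertRoots).Count) DigiCert root(s) present in LocalMachine\Root."
```

Treat the root listing as a comparison, not a verdict: Windows installs many roots on demand through automatic root updates, so a DigiCert root that was never needed on a given host may legitimately be absent. The useful signal is a root that exists on an unaffected host and is missing on one that logged the Cerdigent detection.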