Microsoft Defender's new "Cerdigent" detection flagged DigiCert root certificates as a high-severity trojan and quarantined them on Windows machines worldwide. The detection — Trojan:Win32/Cerdigent.A!dha — went out on April 30th in Defender definition update 1.449.424.0. It hit registry entries for two of the most widely-used trust anchors on the public internet: DigiCert Assured ID Root CA and DigiCert Trusted Root G4.

The false positive landed shortly after DigiCert disclosed an early-April incident in which a threat actor compromised a support analyst's machine and used that access to obtain valid code-signing certificates. DigiCert revoked 60 certs in response, 27 of them used to sign actual malware. Microsoft hasn't said the new signature was a response to the incident, but Bleeping Computer notes the timing.

The fix shipped in Defender update 1.449.430.0 (current build 1.449.431.0) and reportedly auto-restores quarantined certs on affected machines.

Sources:
https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/
https://www.neowin.net/news/microsoft-defender-flagging-cerdigent-trojan-malware-on-windows-11-server-pcs-worldwide/
https://bugzilla.mozilla.org/show_bug.cgi?id=2033170

More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #windows #microsoftdefender
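A quick check an admin can run on an affected machine, added here as an example and not part of the Hake Hardware post: it confirms the Defender definitions are at or past the 1.449.430.0 fix, confirms the two DigiCert roots named above are still in the machine trust store (matched by subject CN, since no thumbprints are given in the post), and lists anything Defender still holds under the Cerdigent name.

```powershell
# Added example (not from the post): verify a Windows machine is past the bad
# Defender definition and still trusts the two DigiCert roots it quarantined.
$fixedVersion = [version]'1.449.430.0'   # first definition build with the fix, per the post

$sigVersion = [version](Get-MpComputerStatus).AntivirusSignatureVersion
if ($sigVersion -lt $fixedVersion) {
    Write-Warning "Defender definitions $sigVersion predate the fix ($fixedVersion); run Update-MpSignature"
} else {
    Write-Host "Defender definitions $sigVersion include the Cerdigent fix"
}

# The two trust anchors named in the post, matched by exact subject CN so that
# e.g. 'DigiCert Assured ID Root G2' is not mistaken for 'DigiCert Assured ID Root CA'.
$expectedRoots = 'DigiCert Assured ID Root CA', 'DigiCert Trusted Root G4'
$machineRoots  = Get-ChildItem Cert:\LocalMachine\Root   # backed by the SystemCertificates registry keys
foreach ($cn in $expectedRoots) {
    $found = $machineRoots | Where-Object { $_.Subject -match "CN=$([regex]::Escape($cn))(,|$)" }
    if ($found) {
        Write-Host "OK      $cn  ($($found.Thumbprint -join ', '))"
    } else {
        Write-Warning "MISSING $cn - check Defender quarantine or re-import from DigiCert"
    }
}

# Anything Defender still records under the Cerdigent name on this machine.
Get-MpThreat | Where-Object { $_.ThreatName -like '*Cerdigent*' } |
    Select-Object ThreatName, SeverityID, IsActive, Resources
```

A MISSING result is not proof of quarantine on its own: Windows fetches many roots on demand from the Automatic Root Certificates Update, so a root that was never needed may simply not be in LocalMachine\Root yet. Pair the result with the Get-MpThreat output before restoring anything.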
