
Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store

Security Tool/Service
Happening score
H score 10
1 unique source, 1 article

Summary


Microsoft Defender began flagging valid DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, a widespread false positive that put certificate trust at risk on Windows systems. The detections followed an April 30 signature update and, on some endpoints, removed entries from the Windows AuthRoot store. Microsoft later reported a fix in Security Intelligence update 1.449.430.0, with 1.449.431.0 as the newer build.

Related Happenings

Microsoft Windows Server 2016 domain controller discovery failure after KB5087537

Service Disruption
First: 26.05.2026 10:41 Last: 26.05.2026 10:41 Sources 1

About this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...

Microsoft Windows 11 KB5089549 cumulative update

Security Patch Release
First: 18.05.2026 11:33 Last: 18.05.2026 11:33 Sources 1

About this happening: Microsoft's **KB5089549** **Windows 11** security update is failing to install on some systems, forcing affected devices to roll back during reboot. The problem is tied to a nearl...

Windows cldflt.sys MiniPlasma privilege-escalation zero-day

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Tycoon2FA device-code phishing campaign targeting Microsoft 365

Campaign
First: 17.05.2026 17:43 Last: 17.05.2026 17:43 Sources 1

About this happening: The **Tycoon2FA** phishing operation added **device-code phishing** to hijack **Microsoft 365** accounts, expanding its ability to steal access tokens and reach email, calendar, a...

Timeline

  1. 03.05.2026 21:11 1 article · 24d ago

    Microsoft Defender signature update flags DigiCert root certificates

    Technical Analysis Update

    Microsoft Defender added detections for legitimate DigiCert root certificates on April 30, causing those certificates to be classified as Trojan:Win32/Cerdigent.A!dha on Windows systems and, in some cases, removed from the Windows trust store.

  2. 03.05.2026 21:11 2 articles · 24d ago

    Administrators report DigiCert root certificate removals on Windows

    Initial Disclosure

    Administrators worldwide reported DigiCert root certificate entries being flagged as malware and removed from the Windows trust store on affected systems. Microsoft reportedly fixed the detections in Security Intelligence update 1.449.430.0, with 1.449.431.0 as the newer build.
