Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates
ID: 8d8a1ade-9214-598b-8c57-49ad2f6373a2
STIX ID: report--8d8a1ade-9214-598b-8c57-49ad2f6373a2
Feed Name: TechRepublic Security
A Microsoft Defender signature update introduced detections for Trojan:Win32/Cerdigent.A!dha that were overly broad and flagged legitimate DigiCert root certificates as malicious, causing deletions from Windows trust stores and operational disruption. The detections were tied to Microsoft’s response to a DigiCert code-signing certificate compromise (including certificates linked to the Zhong Stealer campaign); Microsoft updated the alert logic and released a patch. The report emphasizes the risks of automated defenses and recommends updating Defender, validating certificate stores, centralizing certificate management, and improving monitoring and response procedures.
