Microsoft Defender recently caused a stir by mislabeling DigiCert root certificates as a malware threat, specifically Trojan:Win32/Cerdigent.A!dha. This issue started after a Defender update on April 30 and has affected many Windows users, who reported that these valid certificates were flagged and even removed from their systems.
Cybersecurity expert Florian Roth noted that this problem has led some users to panic, thinking their devices were compromised, prompting unnecessary operating system reinstalls. The certificates in question include:
- 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
- DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
These were removed from the AuthRoot store located in the Windows registry.
On social media, many users expressed frustration over the false positives. A recent update, version 1.449.431.0, reportedly fixed the issue, restoring any deleted certificates. Users can force an update by navigating to Windows Security > Virus and threat protection > Protection updates.
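To confirm on a given host whether the two roots are present in AuthRoot, whether the fixed definitions are installed, and whether Defender logged the detection, a PowerShell check along these lines can be used. It is an added example, not code from Microsoft or from the original article; the `Cert:\LocalMachine\AuthRoot` store path and the function names are assumptions of this example, while the thumbprints, threat name and version number come from the text above.

```powershell
# Values copied from the article; everything else here is illustrative.
$Thumbprints  = '0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43',
                'DDFB16CD4931C973A2037D3FC83A4D7D775D05E4'
$ThreatName   = 'Trojan:Win32/Cerdigent.A!dha'
$FixedVersion = [version]'1.449.431.0'
$StorePath    = 'Cert:\LocalMachine\AuthRoot'   # assumed machine-wide store

# Hypothetical helper: report whether each thumbprint exists in the store.
function Test-AuthRootCertificate {
    param([string[]]$Thumbprint, [string]$Store = $StorePath)
    $certs = Get-ChildItem -Path $Store -ErrorAction SilentlyContinue
    foreach ($tp in $Thumbprint) {
        $cert = $certs | Where-Object { $_.Thumbprint -eq $tp }
        [pscustomobject]@{
            Thumbprint = $tp
            Present    = [bool]$cert
            Subject    = if ($cert) { $cert.Subject } else { $null }
        }
    }
}

# Hypothetical helper: compare installed definitions with the fixed version.
function Test-DefenderSignature {
    param([version]$Minimum = $FixedVersion)
    $status  = Get-MpComputerStatus
    $current = [version]$status.AntivirusSignatureVersion
    [pscustomobject]@{
        Current     = $current
        Minimum     = $Minimum
        HasFix      = $current -ge $Minimum
        LastUpdated = $status.AntivirusSignatureLastUpdated
    }
}

# Update-MpSignature   # uncomment to pull the latest definitions first

Test-AuthRootCertificate -Thumbprint $Thumbprints | Format-Table -AutoSize
Test-DefenderSignature | Format-List

# Did this host record the detection named in the article?
Get-MpThreat |
    Where-Object { $_.ThreatName -eq $ThreatName } |
    Select-Object ThreatName, ThreatID, IsActive
```

A host that shows the detection together with `Present = False` and `HasFix = False` matches the false-positive pattern described here and needs the definition update, not a reinstall.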
### Connection to a DigiCert Breach
Interestingly, this event coincided with a recent security incident at DigiCert, where attackers accessed a limited number of valid code-signing certificates. DigiCert stated that they acted quickly, revoking 60 certificates tied to the attack within 24 hours.
The method of attack involved a malicious ZIP file sent to a support team member, leading to a security breach that exposed initialization codes for some code-signing certificates. While DigiCert contained the situation, questions arose regarding whether Microsoft Defender’s alerts were related to this breach.
### The Zhong Stealer Malware Campaign
These concerns were heightened by reports of a malware campaign named “Zhong Stealer,” using certificates from DigiCert to sign malicious software. Researchers found that well-known companies had their certificates misused, raising alarms in the cybersecurity community.
The malware was delivered through various means, including phishing emails and hidden executable files. This campaign highlights how valid certificates can be exploited by malicious actors, underscoring the importance of robust cybersecurity measures.
### Expert Insights
Experts emphasize the need for users and organizations to stay vigilant. Data from a recent survey indicated that 74% of companies faced at least one cyber attack in the past year. This statistic reinforces the importance of using trusted antivirus software and regularly updating systems to guard against evolving threats.
### Conclusion
While Microsoft Defender’s detection issues are concerning, they also serve as a reminder of the complexities in cybersecurity. Staying informed about potential threats and updates is crucial in today’s digital landscape. Users can monitor updates directly through Microsoft Security to ensure their systems remain protected.

