
Microsoft Defender’s false alarm: what it means for your business

A faulty Defender update wrongly flagged legitimate security certificates as malware. No actual infection — but the knock-on chaos was very real for.

By The Dragon Digital team


Last week, Windows users across the country woke up to a high-severity malware warning on their machines. The alert named something called Trojan:Win32/Cerdigent.A!dha, and it looked serious. Some people panicked enough to reset their computers entirely. The reality? There was no infection. According to BleepingComputer, Microsoft’s own antivirus had flagged two completely legitimate, long-trusted certificates as malware by mistake.

What actually happened

On 30 April, Microsoft pushed a Defender update designed to block certificates stolen in a real breach at DigiCert, a company whose digital certificates are used by software and websites to prove they’re genuine. The update was meant to neutralise about 60 stolen certificates. But the definition was written too broadly, and it ended up catching two legitimate DigiCert root certificates that have been in Windows for years.

Root certificates are the quiet foundation of trust on your computer. They’re what lets your browser be confident that the website you’re looking at is genuinely your bank, not a convincing copy. They’re what tells Windows that a software update is real. When Defender removed them, browsers started throwing certificate errors, websites refused to load cleanly, and software updates looked suspicious. It lasted about three days before Microsoft pushed a fix.

How to know you’re fine now

The security community spotted the pattern quickly: when five machines all throw identical alerts at the same time, but other tools report nothing, that points to a false positive rather than a genuine infection. Microsoft acknowledged the mistake and released a corrected update, Security Intelligence version 1.449.430.0, on 3 May. It stopped the false alerts and automatically restored the removed certificates.

If your Windows updates run automatically, you almost certainly already have the fix. To check, go to Windows Security > Virus and threat protection > Protection updates and force a manual update if you’re unsure. The certificates restore themselves. You don’t need to reinstall anything.
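The same check can be done from an elevated PowerShell prompt. This is an added example, not from Microsoft or the original article; it uses the built-in Defender cmdlets and the fixed version number quoted above. The article does not name the two affected roots, so the script lists every DigiCert certificate in the machine root stores for review, and the choice of the Root and AuthRoot stores is an assumption.

```powershell
# Added example: confirm the corrected Defender definitions are installed and
# that DigiCert roots are present in the machine trust stores.

# Fixed Security Intelligence version, as quoted in the article.
$fixed = [version]'1.449.430.0'

function Test-DefinitionFixed {
    param([string]$Installed, [version]$Minimum)
    # [version] compares each field numerically, so 1.449.52.0 is older than
    # 1.449.430.0 (a plain string comparison would get that wrong).
    return ([version]$Installed -ge $Minimum)
}

$status = Get-MpComputerStatus
Write-Output "Installed definitions: $($status.AntivirusSignatureVersion)"
Write-Output "Last updated:          $($status.AntivirusSignatureLastUpdated)"

if (-not (Test-DefinitionFixed $status.AntivirusSignatureVersion $fixed)) {
    Write-Output "Older than $fixed, requesting a definition update..."
    Update-MpSignature
    $status = Get-MpComputerStatus
    Write-Output "Now on: $($status.AntivirusSignatureVersion)"
}

# Detections recorded under the threat name from the alert, if any.
Get-MpThreat |
    Where-Object ThreatName -like '*Cerdigent*' |
    Select-Object ThreatName, SeverityID, IsActive

# DigiCert certificates currently in the machine root stores
# (assumption: the restored roots live in Root or AuthRoot).
Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\AuthRoot |
    Where-Object Subject -like '*DigiCert*' |
    Sort-Object Thumbprint -Unique |
    Select-Object Subject, Thumbprint, NotAfter
```

If the last command returns no DigiCert entries after the definitions are at or above the fixed version, treat that as something to raise with whoever looks after your IT rather than something to repair by hand.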

The broader point

This is a good example of something worth understanding: even well-intentioned security updates can cause real disruption. When antivirus software touches core parts of Windows like the certificate store, the knock-on effects spread fast. The fact that Microsoft identified and fixed this within three days is the right response. But it’s also a reminder that having someone keep an eye on your security alerts matters, especially when the alert itself turns out to be a ghost.

If you run into something similar and aren’t sure whether it’s a real threat or a false alarm, it’s always worth a quick call to whoever looks after your IT before doing anything drastic. Resetting Windows over a false positive is a painful way to lose a morning.

Worth knowing about. And if this kind of thing keeps you up at night, our article on what happens when patches go wrong is a useful read.
