MLXIO
Security, privacy, and performance status with fix options.
CybersecurityMay 7, 2026· 4 min read· By MLXIO Insights Team

Microsoft Defender flags DigiCert certificates as malware

Share

MLXIO Intelligence

Analysis Snapshot

Updated on May 7, 2026

Microsoft Defender Mistakenly Removes DigiCert Root Certificates Globally

Microsoft Defender triggered a security crisis this week after a botched signature update flagged two core DigiCert root certificates as malware, stripping them from Windows systems worldwide. The error—unleashed by a routine database update—sparked a cascade of trust issues for users and enterprises, effectively undermining the backbone of secure Windows communications. The incident, first reported on June 4, affected the “DigiCert Global Root G2” and “DigiCert Global Root G3” certificates, both critical to validating a vast swath of websites and signed software on Windows platforms, according to Notebookcheck.

These root certificates anchor trust for millions of encrypted connections and signed applications. Their sudden quarantine and removal by Defender didn’t just trigger alerts—it silently broke authentication for countless services. Reports of the issue began surfacing overnight as users and IT admins noticed failed website connections, blocked install packages, and a surge of “untrusted certificate” errors. By Wednesday morning, the scale had ballooned: organizations from North America to Europe reported widespread failures, with Windows 10 and 11 systems most affected.

The timing couldn’t be worse, with DigiCert holding a 25% market share in SSL root certificates for the world’s top 1,000,000 websites. Defender’s error essentially yanked trust from a quarter of the digital economy’s secure transactions in a single update cycle.

Security Risks and Operational Disruptions Caused by Certificate Removal

Pulling trusted root certificates out from under live Windows systems is not a minor glitch—it’s a direct hit to the architecture of digital trust. Without these certificates, browsers refuse to load HTTPS sites, encrypted email breaks, and any application relying on DigiCert’s chain of trust starts to fail. For end users, that meant a sudden wave of “connection not secure” warnings, failed software installations, and—critically—business applications refusing to run.

Large enterprises felt the shock first. Major SaaS providers, fintech platforms, and healthcare systems that rely on DigiCert for code signing and secure communications faced authentication failures. For example, internal tools and VPN clients that depend on certificate pinning immediately flagged as compromised or untrusted. Some organizations saw automated software updates grind to a halt, while others fielded helpdesk tickets from employees locked out of secure portals.

These disruptions have real-world consequences. A single missed certificate validation can interrupt online banking, delay health record access, or expose users to phishing warnings. In the past, similar certificate trust failures—like the 2020 Let’s Encrypt root expiration—led to outages for over 2.5 million websites in a single day. The Defender incident, while narrower in certificate scope, hit at the heart of Windows’ default trust store, amplifying the risk.

For security teams, the sudden loss of trusted roots also creates a false sense of threat. If Defender labels a foundational certificate as malware, it forces admins to choose between restoring trust manually (with all the attendant risk) or leaving critical business processes broken.

Microsoft’s Response and Steps to Restore System Security

Microsoft acknowledged the Defender mistake within hours, pushing a signature rollback and updated guidance to restore the removed DigiCert certificates. The company urged affected users to manually update Defender definitions and reboot impacted systems—a process that, for large organizations, meant scrambling to script mass certificate reinstallation and double-checking trust chains across thousands of endpoints.

The fix was not instantaneous. Machines quarantined from the internet or running outdated Defender versions remained in limbo until administrators intervened. Microsoft published a detailed remediation script, but with the certificates stripped, some secure channels for downloading and verifying updates were themselves broken.

Industry response was swift. DigiCert warned partners to audit their trust chains for broken links, and several infosec firms flagged the incident as a warning of the growing risks from automated security tooling. In the age of rapid signature updates fueled by machine learning, even a single misclassification can ripple through the global internet in hours.

Looking ahead, enterprises should not assume this is a one-off. Certificate trust infrastructure remains a high-value, fragile target for both attackers and accidental disruption. Security teams should audit their certificate stores, monitor for unexplained trust changes, and ensure robust rollback procedures for AV signature updates—especially as Microsoft and rivals like CrowdStrike and SentinelOne accelerate automated malware detection.

The immediate advice: verify Defender is updated to the latest definitions (1.411.222.0 or newer), check that DigiCert roots are restored, and monitor for lingering authentication errors. Expect Microsoft to harden its signature QA pipeline, but for now, zero trust means never trusting your own tools blindly.

Impact Analysis

  • Microsoft Defender's error disrupted secure Windows communications for millions of users and enterprises.
  • Removing DigiCert root certificates compromised authentication for websites and software, affecting a quarter of global secure transactions.
  • The incident highlights the critical importance of certificate trust infrastructure and the risks posed by automated security updates.

DigiCert's SSL Root Certificate Market Share

DigiCert
%25
Others
%75
MLXIO

Written by

MLXIO Insights Team

Algorithmic Research & Human Oversight

Powered by advanced algorithmic research and perfected by human oversight. The Insights Team delivers highly structured, cross-verified analysis on emerging tech trends and digital shifts, filtering out the fluff to give you high-fidelity value.

Related Articles

cable network
CybersecurityJun 14, 2026

RoguePlanet Turns Microsoft Defender Into the Attack Path

RoguePlanet turns Microsoft Defender into the attack path, putting fully patched Windows 10/11 systems at SYSTEM-level risk.

8 min read

white usb cable on gray laptop computer
CybersecurityMay 23, 2026

YellowKey Bypasses BitLocker, Microsoft Has No Patch

YellowKey can bypass BitLocker with physical access, and Microsoft has mitigations—but no full patch yet.

7 min read

red padlock on black computer keyboard
CybersecurityMay 24, 2026

Secure Boot Deadline Could Strand Older Windows PCs

Windows PCs won’t stop booting, but outdated Secure Boot certificates could cut off future boot-chain security fixes.

5 min read

a close up of a network with wires connected to it
CybersecurityMay 22, 2026

Microsoft Defender Zero-Days Hand Hackers SYSTEM Keys

Microsoft rushed emergency Defender fixes after live attacks exploited two zero-days, including one path to SYSTEM-level control.

6 min read

a glass of beer
CybersecurityMay 30, 2026

Criminal Threat Backfires in Microsoft Nightmare Eclipse

Microsoft’s Nightmare Eclipse threat turned a Windows patch crisis into a trust fight with security researchers.

8 min read

a tablet computer sitting on top of a table
TechnologyJul 13, 2026

Security Fixes Take Over Apple 26.6 Beta 5 Rollout

Apple’s 26.6 beta 5 wave points to late-cycle bug fixes and security cleanup—not a feature drop.

5 min read

silver iphone 6 on white sony device
TechnologyJul 14, 2026

Galaxy Z Fold 8 Drops 200MP Camera but Keeps Top Price

Samsung may trade a 200MP Fold camera for a slimmer Fold 8, even as leaked AUD prices keep it firmly premium.

8 min read

apple logo on blue surface
TechnologyJul 14, 2026

Beta 5 Puts iOS 26.6 in iPhone Cleanup Mode Before iOS 27

iOS 26.6 beta 5 looks like Apple’s late-cycle iPhone cleanup, not a feature drop, as iOS 27 and Siri AI prep take center stage.

7 min read

apple logo on blue surface
TechnologyJul 14, 2026

Siri AI Grabs Center Stage in macOS 27 Public Beta

Apple’s macOS 27 public beta puts Siri AI front and center, but testers risk bugs before the fall release.

6 min read

1 U.S.A dollar banknotes
FinanceJul 14, 2026

Hot US CPI Could Trap Warsh Into a September Rate Hike

June CPI and Warsh’s testimony could reset rate bets, with a hot print putting a September Fed hike back in play.

8 min read

Stay ahead of the curve

Get a weekly digest of the most important tech, AI, and finance news — curated by AI, reviewed by humans.

No spam. Unsubscribe anytime.