HP forced to pull software update which broke Microsoft security tools


  • HP’s OneAgent update deleted key certificates, breaking Entra ID login on some AI PCs
  • The faulty script removed Microsoft-issued certificates containing “1E”, severing cloud trust
  • HP pulled the update and is helping affected users; only a small number were impacted

A silent update for HP’s OneAgent software broke a number of its AI PC devices, preventing some users from logging in to Microsoft Entra ID. As a result, HP was forced to pull the update and assist affected individuals.

OneAgent is a piece of software responsible for system management and updates. OneAgent itself was recently updated to version 1.2.50.9581, and that update included a script designed to remove any files related to HP's 1E Performance Assist software.

To do that, the script would search for, and delete, any certificate containing the “1E” substring in its subject, issuer, or friendly name. Unfortunately, among the matches was a certificate called "MS-Organization-Access", which Microsoft issues every time a device joins Microsoft Entra ID, or Intune. As soon as the script deletes that certificate, the device disconnects from Entra ID and the credentials no longer work.
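The matching behaviour described above can be reproduced as a dry run on constructed data. This PowerShell is an added example, not HP's script: the certificate records, GUIDs and issuer strings are made up, the function names are hypothetical, and the layout of the device registration certificate (a GUID subject under an "MS-Organization-Access" issuer) is an assumption. It contrasts the substring filter with an exact-issuer filter that skips protected issuers.

```powershell
# Constructed stand-ins for entries in a machine certificate store.
# Every subject, issuer, GUID and friendly name below is made up.
$certs = @(
    [pscustomobject]@{ Subject = 'CN=Example 1E Agent'
                       Issuer = 'CN=Example 1E Issuing CA'; FriendlyName = '1E Agent' }
    [pscustomobject]@{ Subject = 'CN=7C2B1E90-0000-4000-8000-000000000001'
                       Issuer = 'CN=MS-Organization-Access'; FriendlyName = '' }
    [pscustomobject]@{ Subject = 'CN=0A4F7D32-0000-4000-8000-000000000002'
                       Issuer = 'CN=MS-Organization-Access'; FriendlyName = '' }
    [pscustomobject]@{ Subject = 'CN=PRINTER-A1E7.example.test'
                       Issuer = 'CN=Example Internal CA'; FriendlyName = 'Print server' }
)

# The behaviour the article describes: any certificate whose subject, issuer
# or friendly name contains the substring is selected (-like ignores case).
function Select-BySubstring {
    param([object[]]$Certificates, [string]$Needle)
    $pattern = "*$Needle*"
    $Certificates | Where-Object {
        $_.Subject -like $pattern -or $_.Issuer -like $pattern -or
        $_.FriendlyName -like $pattern
    }
}

# Narrower alternative: exact issuer match, never an issuer on the protected list.
function Select-ByExactIssuer {
    param([object[]]$Certificates, [string[]]$TargetIssuers, [string[]]$ProtectedIssuers)
    $Certificates | Where-Object {
        $_.Issuer -in $TargetIssuers -and $_.Issuer -notin $ProtectedIssuers
    }
}

$protected = @('CN=MS-Organization-Access')
$broad  = @(Select-BySubstring -Certificates $certs -Needle '1E')
$scoped = @(Select-ByExactIssuer -Certificates $certs `
            -TargetIssuers @('CN=Example 1E Issuing CA') -ProtectedIssuers $protected)

# Dry run: report what each filter would remove and flag collateral damage.
foreach ($set in @{ Name = 'substring'; Items = $broad }, @{ Name = 'exact issuer'; Items = $scoped }) {
    "{0} filter selects {1} certificate(s):" -f $set.Name, $set.Items.Count
    foreach ($c in $set.Items) {
        $flag = if ($c.Issuer -in $protected) { '  <-- device registration cert' } else { '' }
        "  {0} (issuer {1}){2}" -f $c.Subject, $c.Issuer, $flag
    }
}
```

On a real machine the same dry run can take its input from `Get-ChildItem` on the `Cert:` drive, whose certificate objects expose the same `Subject`, `Issuer` and `FriendlyName` properties.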

Silently falling out of the cloud

The mishap was first spotted by Rudy Ooms, security researcher from Patch My PC, who said that "the whole Entra/Azure AD Join was gone!"

"With it, the devices had silently fallen out of the cloud. The whole trust between Windows and Entra ID disappeared."

The number of affected devices seems to be rather small, though. According to Ooms, since every company gets a unique certificate, there’s less than a 10% chance for the certificate to contain the risky “1E” string. Also, since the script only affects HP’s AI PCs (first released roughly a year ago), the number of potentially affected devices shrinks further.

In a statement shared with BleepingComputer, the company said it pulled the faulty patch and is working on assisting affected users.

"HP is aware of a potential issue affecting some HP AI PCs related to a recent over the air update," HP told the publication. "The update is no longer available and will not affect more AI PCs. We're investigating the issue and working closely with impacted customers on mitigation."

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
