HP withdrew an update to its OneAgent software for Windows 11 after it was found to cause serious authentication problems on some AI PCs. The update removed crucial Microsoft certificates used by organizations to log in via Microsoft Entra ID. This caused systems to lose connection to their cloud environment.
Rudy Ooms of Patch My PC discovered the error. He found that the problems arose after a silent background update from HP. This update installed a routine intended to remove remnants of old HP software called 1E Performance Assist. The attached script checked the Windows certificate store for entries containing the text 1E in the name or publisher, and then removed all certificates containing that text.
Although the intention was to delete only outdated HP certificates, the approach proved too aggressive. Some Microsoft Entra ID certificates happened to contain the same string in their fingerprint or name. As a result, these legitimate certificates were also deleted, causing the devices to lose their connection to Entra ID and Intune. According to Ooms, in practice this meant that the trust relationship between Windows and the cloud completely disappeared, preventing users from logging in with their corporate accounts.
Significant impact
The problem is limited in scope. Only HP’s new generation of AI PCs received the update, and only a small percentage of organizations use certificates containing the text 1E. Nevertheless, the impact on affected systems is significant, as recovery must be done manually. Administrators must log in locally with an administrator account, re-register the system with Entra ID, and restore the associated registration data. There is also an option to perform the process remotely via Microsoft Defender.
HP has confirmed that the update has been withdrawn and that no new devices will be affected. The company is investigating the incident further and offering support to customers experiencing problems. Microsoft itself has not yet issued a separate notification or advice about this specific issue.
According to Patch My PC’s analysis, this incident demonstrates how sensitive automated maintenance scripts can be when they modify certificates or system components without sufficient control. In this case, a simple text match on “1E” was enough to temporarily disrupt the security chain of multiple organizations.