- HP’s OneAgent update deleted key certificates and breaks Entra ID login on some AI PCs
- The flawed script removed Microsoft-issued certificates containing “1E”, breaking the cloud trust
- HP pulled the update and is assisting affected users; only a small number were affected
A silent update to HP’s OneAgent software broke a number of its AI PC devices, preventing some of its users from logging into Microsoft Entra ID — and as a result, HP was forced to pull the update and help affected individuals.
OneAgent is a piece of software responsible for system management and updates. It recently updated itself to version 1.2.50.9581, and that update included a script designed to remove all files related to HP’s 1E Performance Assist software.
To do so, the script would search and delete all certificates containing the “1E” substring in its subject, issuer, or friendly name. Unfortunately, among them was a certificate called “MS-Organization-Access”, issued by Microsoft every time a device joins Microsoft Entra ID or Intune. As soon as the script deletes the certificate, the device is disconnected from Entra ID and the credentials no longer work.
Silently falling out of the cloud
The crash was first discovered by Patch My PC security researcher Rudy Ooms, who said “the entire Entra/Azure AD Join was gone!”
“With it, the devices had silently dropped out of the cloud. The entire trust between Windows and Entra ID disappeared.”
However, the number of affected devices appears to be quite small. Since each company gets a unique certificate, according to Ooms, there is less than a 10% chance that the certificate will contain the risky “1E” string. Since the script only affects HP’s AI PCs (first released about a year ago), the number of potentially affected devices further decreases.
In a statement shared with Bleeping Computerthe company said it pulled the faulty patch and is working to help affected users.
“HP is aware of a potential issue affecting some HP AI PCs related to a recent over-the-air update,” HP told the publication. “The update is no longer available and will not affect any more AI PCs. We are investigating the issue and working closely with affected customers on remediation.”
Via Bleeping Computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
The best cloud storage for all budgets
