HP forced to pull software update which broke Microsoft security tools

An update made the trust between Windows and Entra ID "disappear"

· TechRadar

News By Sead Fadilpašić published 24 October 2025

OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)

  • HP’s OneAgent update deleted key certificates, breaking Entra ID login on some AI PCs
  • The faulty script removed Microsoft-issued certificates containing “1E”, severing cloud trust
  • HP pulled the update and is helping affected users; only a small number were impacted

A silent update for HP’s OneAgent software broke a number of its AI PC devices, preventing some of its users from logging into Microsoft Entra ID - and as a result, HP was forced to pull the update and assist affected individuals.

OneAgent is a piece of software responsible for system management and updates. It was recently updated itself, to version 1.2.50.9581, and that update included a script designed to remove any files related to HP's 1E Performance Assist software.

To do that, the script would search, and delete, any certificates containing the “1E” substring in its subject, issuer, or friendly name. Unfortunately, among them was a certificate called "MS-Organization-Access", issued by Microsoft every time a device joins Microsoft Entra ID, or Intune. As soon as the script deletes the certificate, the device disconnects from Entra ID and the credentials no longer work.

Silently falling out of the cloud

The mishap was first spotted by Rudy Ooms, security researcher from Patch My PC, who said that "the whole Entra/Azure AD Join was gone!"

"With it, the devices had silently fallen out of the cloud. The whole trust between Windows and Entra ID disappeared."

The number of affected devices seems to be rather small, though. According to Ooms, since every company gets a unique certificate, there’s less than a 10% chance for the certificate to contain the risky “1E” string. Also, since the script only affects HP’s AI PCs (first released roughly a year ago), the number of potentially affected devices shrinks further.

In a statement shared with BleepingComputer, the company said it pulled the faulty patch and is working on assisting affected users.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors