Forum Discussion
Did the Jun 9 Security Update remove trusted (Amazon) certs?
We have a product that runs on Windows and uses AWS IoT to connect and transmit info.
We noticed yesterday that many, roughly 2/3 of our fleet, went silent - no connections.
We have some of our own PCs that experienced this as well. Investigation yielded issues with TLS. The client (which is just using the default Windows cert checking) actively terminated the connection. It didn't like the cert from the AWS IoT endpoint.
All of these PCs were happily connected on Jun 8.
Investigation seemed to indicate that some combination of Amazon Root CA (1-4) and some Starfield certs were not in the device cert mgr.
Also - when we manually added AmazonRootCA1.pem to the cert mgr, our service connected again.
So the evidence seems to strongly support that the security update removed trusted Amazon root certs from the cert store.
I'm guessing some/many won't notice since they are making regular TCP connections and maybe the certs get auto-added if they are not there? But we are doing MQTT over the AWS port 8883. So perhaps Windows did not detect this and seek to refresh its cert store?
Can anyone confirm if they have seen the same?
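
A check for the roots named in the post, as an added example that is not part of the original post: it reports whether each root is present and unexpired in the Windows trusted root stores, so affected and unaffected machines can be compared. The Amazon Root CA 1-4 names come from the post; the Starfield subject name and the list of stores inspected are assumptions.

```powershell
# Subject common names to look for. Amazon Root CA 1-4 are named in the post;
# the Starfield entry is an assumption (the post only says "some Starfield certs").
$expected = @(
    'Amazon Root CA 1',
    'Amazon Root CA 2',
    'Amazon Root CA 3',
    'Amazon Root CA 4',
    'Starfield Services Root Certificate Authority - G2'
)

# Trusted root stores to inspect (machine-wide and current user).
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\AuthRoot',
    'Cert:\CurrentUser\Root'
)

$now = Get-Date
$report = foreach ($name in $expected) {
    # Match on the CN component of the subject, anchored so that
    # "Amazon Root CA 1" does not also match a longer name.
    $pattern = "CN=$([regex]::Escape($name))(,|$)"
    $hits = @(foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $pattern } |
            ForEach-Object {
                [pscustomobject]@{ Store = $store; NotAfter = $_.NotAfter }
            }
    })
    $valid = @($hits | Where-Object { $_.NotAfter -gt $now })
    [pscustomobject]@{
        Name      = $name
        Present   = $hits.Count -gt 0
        Unexpired = $valid.Count -gt 0
        Stores    = @($hits | ForEach-Object Store | Sort-Object -Unique) -join '; '
    }
}

# One row per expected root; Present = False marks a root missing from every store.
$report | Format-Table -AutoSize

# Non-zero exit code when any expected root is missing, for use in fleet scripts.
$missing = @($report | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) { exit 1 }
```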