Menu
Older Dell devices also affected by dangerous eDellRoot certificate

Older Dell devices also affected by dangerous eDellRoot certificate

The problematic Dell Foundation Services tool might have updated itself on systems bought before August

Users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.

The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.

After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.

That's not true. Older devices that had Dell Foundation Services (DFS) installed might also have the certificate, if the tool was configured to receive automatic updates. A Dell Venue Pro 11 convertible Windows tablet in PCWorld's possession that was bought in April was affected.

"For those customers who already had Dell Foundation Services and opted in to updates, the eDellRoot certificate was part of versions 2.2/2.3 issued starting in August," a Dell representative confirmed Wednesday via email.

"When you install DFS, it asks if you want to receive automatic updates," the representative said. "Our customers who choose 'yes' receive the automatic updates."

However, since DFS comes preloaded on many systems it's unclear at which point the user has to opt in to automatic updates. According to the tool's release notes, it is compatible with devices from various product lines, including XPS, OptiPlex, Inspiron, Precision, Precision Tower, Vostro, Latitude and Venue Pro.

A second Dell self-signed root certificate called DSDTestProvider has also been found. This certificate was deployed on computers by the Dell System Detect (DSD) tool that users are prompted to install when they visit the Dell support website and click the "Detect Product" button.

This tool is not preloaded on computers and only users who visited the Dell support website between Oct. 20 and Nov. 24 were potentially prompted to download a DSD version that included the certificate. Even if users had this application installed on their computers from previous visits to the Dell support website, DSD does not update itself automatically without the user visiting the website again and agreeing to install the latest version, according to the Dell representative.

Dell has provided a removal tool and published manual removal instructions for both the eDellRoot and DSDTestProvider. Users can check if they have these certificates on their systems by pressing the Windows key + r, typing certlm.msc and hitting Run. After allowing the Microsoft Management Console to execute, they can look for them in the Trusted Root Certification Authorities > Certificates list.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags desktop PCDellPCsecurityComponentstabletslaptopseRoot certification

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments