Menu
Microsoft zaps dodgy Dell digital certificates

Microsoft zaps dodgy Dell digital certificates

The company's security tools will remove the eDellRoot and DSDTestProvider certificates

Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise data.

The updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal tool, according to postings here and here.

Dell mistakenly included private encryption keys for two digital certificates installed in the Windows root store as part of service tools that made its technical support easier. The tools transmit back to Dell what product a customer is using.

Security experts were alarmed by the mistake. The private keys in both of the digital certificates could be used by attackers to sign malware, create spoof websites and conduct man-in-the-middle attacks to spy on user's data.

One of the certificates is named eDellRoot and the other DSDTestProvider. Exposure to the latter certificate was likely more limited, as users had to download it, and the risky version was only available between Oct. 20 and Nov. 24, Dell has said.

The eDellRoot certificate, however, shipped with many new Dell laptop and desktop models. Also, older computers that ran the support tool, Dell Foundation Services (DFS), may also have been affected if DFS was configured for automatic updates. The dodgy certificate was issued with a DFS update in August.

Dell released updates on Tuesday to remove the certificates, and it also described how to remove the certificates manually. Microsoft's tool may help those who for one reason or another haven't either downloaded or received the updates from Dell.

Symantec wrote on Tuesday that it had seen malware samples indexed by VirusTotal that were digitally signed by the eDellRoot certificate. Malware signed with eDellRoot would allow it to bypass some security defenses.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments