Dell has acknowledged a second security vulnerability in its computers, much like one discovered over the past weekend, and said it is working to fix the issue.
Like the eDellRoot certificate, the new problem involves a self-signed certificate with an accompanying private key, a combination that could allow intruders to intercept encrypted network communications to and from a system, Dell said.
Users can also download Dell Systems Detect in order to use the “detect product” feature on Dell’s support website. The company said users who accessed the feature between 20 October and 24 November is likely to have the offending certificate on their system.
Both eDellRoot and DSDTestProvider were designed to help access remote support services, Dell claimed.
“The application was removed from the Dell Support site immediately and a replacement application without the certificate is now available,” Dell stated. “We are proactively pushing a software update to address the issue and have provided instructions to remove this certificate.”
The instructions and removal tools can be found on Dell’s website and the company said it has found no other root certificates on the factory-installed image.
Dell Systems Detect has been hit by other security issues in the past, and was found earlier this year to be vulnerable to remote code execution attacks. Dell provided a software update on Tuesday aimed at removing eDellRoot.
The vulnerable certificates recall Lenovo’s pre-installation of a similarly vulnerable certificate on some systems earlier this year. In that case, the discovery raised ire in part because the certificate was part of the company’s “Superfish” programme, which injected advertisements into web pages.
Are you a security pro? Try our quiz!
Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…
Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC
Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…