Categories: Security

Dell Acknowledges Second Vulnerable Certificate In Systems

Dell has acknowledged a second security vulnerability in its computers, much like one discovered over the past weekend, and said it is working to fix the issue.

Like the eDellRoot certificate, the new problem involves a self-signed certificate with an accompanying private key, a combination that could allow intruders to intercept encrypted network communications to and from a system, Dell said.

Second certificate

Dell acknowledged that the ‘DSDTestProvider’ certificate is put in place by an application that interacts with the Dell Support website, called Dell Systems Detect, which comes pre-installed on some Dell systems.

Users can also download Dell Systems Detect in order to use the “detect product” feature on Dell’s support website. The company said users who accessed the feature between 20 October and 24 November is likely to have the offending certificate on their system.

Both eDellRoot and DSDTestProvider were designed to help access remote support services, Dell claimed.

“The application was removed from the Dell Support site immediately and a replacement application without the certificate is now available,” Dell stated. “We are proactively pushing a software update to address the issue and have provided instructions to remove this certificate.”

The instructions and removal tools can be found on Dell’s website and the company said it has found no other root certificates on the factory-installed image.

Dell Systems Detect has been hit by other security issues in the past, and was found earlier this year to be vulnerable to remote code execution attacks. Dell provided a software update on Tuesday aimed at removing eDellRoot.

The vulnerable certificates recall Lenovo’s pre-installation of a similarly vulnerable certificate on some systems earlier this year. In that case, the discovery raised ire in part because the certificate was part of the company’s “Superfish” programme, which injected advertisements into web pages.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

10 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

10 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

11 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

11 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

12 hours ago