Categories: Security

Microsoft Summons Windows Defender To Abolish Dell’s Root Certificates

Microsoft has taken charge in the battle against Dell’s dodgy root certificates found earlier this week, tasking its Windows Defender antivirus tool with purging affected users’ computers of the suspicious .dll certs.

The free software tags the pair of certificates as ‘Win32/CompromisedCert.D’ and renders them deceased. Windows Defender also abolishes the subverting plugin that also reinstalled the certs if a user tried to remove them manually.

Microsoft security software detects and removes this threat,” said Microsoft.

Dell had been accused last weekend of pre-installing the self-signed root certification authentication (CA) onto its laptops, drawing comparisons with the Superfish malware scandal that engulfed Lenovo earlier this year.

Security

It was labelled a serious security issue as any Dell laptop with the rogue certificate has the same key and could be vulnerable to attackers.

A user on Reddit said he discovered his new XPS 15 laptop had the ‘eDellRoot’ certificate while troubleshooting his machine and said other Dell owners had found the same thing.

Dell subsequently issued instructions on how to remove a self-signed root certificate from a number of its PCs.

The Texas-based firm confirmed it was Dell Foundation Services that installed the ‘eDellRoot’ certificate, but stressed its existence was for customer support reasons – not like Superfish, which was used to inject adverts onto affected systems.

But the debacle wasn’t over just yet. Dell then admitted there was a second self-signed certificate pre-installed on laptops, one with an accompanying private key, a combination that could allow intruders to intercept encrypted network communications to and from a system, Dell said.

Both eDellRoot and the DSDTestProvider certificate were designed to help access remote support services, Dell claimed.

“The application was removed from the Dell Support site immediately and a replacement application without the certificate is now available,” Dell stated. “We are proactively pushing a software update to address the issue and have provided instructions to remove this certificate.”

Data breaches of 2015 quiz!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

18 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

19 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

19 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

20 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

20 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

21 hours ago