Windows Defender “detects and removes” Dell’s Superfish-like certificate threat, says Microsoft
Microsoft has taken charge in the battle against Dell’s dodgy root certificates found earlier this week, tasking its Windows Defender antivirus tool with purging affected users’ computers of the suspicious .dll certs.
The free software tags the pair of certificates as ‘Win32/CompromisedCert.D’ and renders them deceased. Windows Defender also abolishes the subverting plugin that also reinstalled the certs if a user tried to remove them manually.
“Microsoft security software detects and removes this threat,” said Microsoft.
Dell had been accused last weekend of pre-installing the self-signed root certification authentication (CA) onto its laptops, drawing comparisons with the Superfish malware scandal that engulfed Lenovo earlier this year.
It was labelled a serious security issue as any Dell laptop with the rogue certificate has the same key and could be vulnerable to attackers.
A user on Reddit said he discovered his new XPS 15 laptop had the ‘eDellRoot’ certificate while troubleshooting his machine and said other Dell owners had found the same thing.
Dell subsequently issued instructions on how to remove a self-signed root certificate from a number of its PCs.
The Texas-based firm confirmed it was Dell Foundation Services that installed the ‘eDellRoot’ certificate, but stressed its existence was for customer support reasons – not like Superfish, which was used to inject adverts onto affected systems.
But the debacle wasn’t over just yet. Dell then admitted there was a second self-signed certificate pre-installed on laptops, one with an accompanying private key, a combination that could allow intruders to intercept encrypted network communications to and from a system, Dell said.
Both eDellRoot and the DSDTestProvider certificate were designed to help access remote support services, Dell claimed.
“The application was removed from the Dell Support site immediately and a replacement application without the certificate is now available,” Dell stated. “We are proactively pushing a software update to address the issue and have provided instructions to remove this certificate.”