Security

Microsoft Summons Windows Defender To Abolish Dell’s Root Certificates

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Follow on:
Google + Linkedin Subscribe to our newsletter Write a comment

Windows Defender “detects and removes” Dell’s Superfish-like certificate threat, says Microsoft

Microsoft has taken charge in the battle against Dell’s dodgy root certificates found earlier this week, tasking its Windows Defender antivirus tool with purging affected users’ computers of the suspicious .dll certs.

The free software tags the pair of certificates as ‘Win32/CompromisedCert.D’ and renders them deceased. Windows Defender also abolishes the subverting plugin that also reinstalled the certs if a user tried to remove them manually.

Microsoft security software detects and removes this threat,” said Microsoft.

Dell had been accused last weekend of pre-installing the self-signed root certification authentication (CA) onto its laptops, drawing comparisons with the Superfish malware scandal that engulfed Lenovo earlier this year.

Security

It was labelled a serious security issue as any Dell laptop with the rogue certificate has the same key and could be vulnerable to attackers.

dellA user on Reddit said he discovered his new XPS 15 laptop had the ‘eDellRoot’ certificate while troubleshooting his machine and said other Dell owners had found the same thing.

Dell subsequently issued instructions on how to remove a self-signed root certificate from a number of its PCs.

The Texas-based firm confirmed it was Dell Foundation Services that installed the ‘eDellRoot’ certificate, but stressed its existence was for customer support reasons – not like Superfish, which was used to inject adverts onto affected systems.

But the debacle wasn’t over just yet. Dell then admitted there was a second self-signed certificate pre-installed on laptops, one with an accompanying private key, a combination that could allow intruders to intercept encrypted network communications to and from a system, Dell said.

Both eDellRoot and the DSDTestProvider certificate were designed to help access remote support services, Dell claimed.

“The application was removed from the Dell Support site immediately and a replacement application without the certificate is now available,” Dell stated. “We are proactively pushing a software update to address the issue and have provided instructions to remove this certificate.”

Data breaches of 2015 quiz!