Dell has acknowledged a second security vulnerability in its computers, much like one discovered over the past weekend, and said it is working to fix the issue.
Like the eDellRoot certificate, the new problem involves a self-signed certificate with an accompanying private key, a combination that could allow intruders to intercept encrypted network communications to and from a system, Dell said.
Users can also download Dell Systems Detect in order to use the “detect product” feature on Dell’s support website. The company said users who accessed the feature between 20 October and 24 November is likely to have the offending certificate on their system.
Both eDellRoot and DSDTestProvider were designed to help access remote support services, Dell claimed.
“The application was removed from the Dell Support site immediately and a replacement application without the certificate is now available,” Dell stated. “We are proactively pushing a software update to address the issue and have provided instructions to remove this certificate.”
The instructions and removal tools can be found on Dell’s website and the company said it has found no other root certificates on the factory-installed image.
Dell Systems Detect has been hit by other security issues in the past, and was found earlier this year to be vulnerable to remote code execution attacks. Dell provided a software update on Tuesday aimed at removing eDellRoot.
The vulnerable certificates recall Lenovo’s pre-installation of a similarly vulnerable certificate on some systems earlier this year. In that case, the discovery raised ire in part because the certificate was part of the company’s “Superfish” programme, which injected advertisements into web pages.
Are you a security pro? Try our quiz!
Prominent Stanford University AI scientist Fei-Fei Li reportedly completes funding round for start-up based on…
Apple shares surge on optimism that new AI-focused hardware launches will drive renewed sales, starting…
Biden vetoes Republican-backed measure amidst dispute over 'joint employer' status for contract workers, affecting tech…
Lawyers in US social media addiction action say strict controls on Douyin in China show…
More than 10,000 London black cab drivers sue Uber claiming company acted illegally to obtain…
Liverpool's Alder Hey children's hospital turns away electric car from car park due to 'fire…