Categories: Security

Microsoft Summons Windows Defender To Abolish Dell’s Root Certificates

Microsoft has taken charge in the battle against Dell’s dodgy root certificates found earlier this week, tasking its Windows Defender antivirus tool with purging affected users’ computers of the suspicious .dll certs.

The free software tags the pair of certificates as ‘Win32/CompromisedCert.D’ and renders them deceased. Windows Defender also abolishes the subverting plugin that also reinstalled the certs if a user tried to remove them manually.

Microsoft security software detects and removes this threat,” said Microsoft.

Dell had been accused last weekend of pre-installing the self-signed root certification authentication (CA) onto its laptops, drawing comparisons with the Superfish malware scandal that engulfed Lenovo earlier this year.

Security

It was labelled a serious security issue as any Dell laptop with the rogue certificate has the same key and could be vulnerable to attackers.

A user on Reddit said he discovered his new XPS 15 laptop had the ‘eDellRoot’ certificate while troubleshooting his machine and said other Dell owners had found the same thing.

Dell subsequently issued instructions on how to remove a self-signed root certificate from a number of its PCs.

The Texas-based firm confirmed it was Dell Foundation Services that installed the ‘eDellRoot’ certificate, but stressed its existence was for customer support reasons – not like Superfish, which was used to inject adverts onto affected systems.

But the debacle wasn’t over just yet. Dell then admitted there was a second self-signed certificate pre-installed on laptops, one with an accompanying private key, a combination that could allow intruders to intercept encrypted network communications to and from a system, Dell said.

Both eDellRoot and the DSDTestProvider certificate were designed to help access remote support services, Dell claimed.

“The application was removed from the Dell Support site immediately and a replacement application without the certificate is now available,” Dell stated. “We are proactively pushing a software update to address the issue and have provided instructions to remove this certificate.”

Data breaches of 2015 quiz!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

2 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

3 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

4 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

20 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

21 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

21 hours ago