Jump to content

Dell certificates vulnerability: How to protect your Windows systems


Recommended Posts

Got Dell? If not, don't bother, this only affects Dell computers.


A pair of digital certificates released by Dell produced a vulnerability that could expose Windows systems to risk. Learn the scope of the threat and how to remediate it.


Here is a website that tests your Dell computer for it: https://edell.tlsfun.de/


For those who don't understand certificates, or whose eyes roll up if the talks turns to a fake CA issuing bogus certificates, then do read this whole article because it is a terrific primer on Certificates, why they are good, and how they can be bad when compromised.



"Dell announced earlier this week that some of its homegrown digital (SSL) certificates used by Dell Foundation Services and Dell System Detect programs (which are intended to enhance support functions) have generated a significant security vulnerability for Windows systems. Essentially, if either certificate exists on a given computer, that computer can be lured to trust malicious systems, which might then expose it to malware or hacking attempts.

Before I go into specifics about where the threat may apply and how to protect your systems against it, here's a quick background on how certificates work.

A primer on digital certificates


A digital certificate ensures the identity of a site that is connected to by an application such as a web browser. Its purpose is to assure the visitor (or application) that the site really is who it claims to be to prevent misrepresentation, which can assist in criminal or malevolent wrongdoing. Traffic is then encrypted to and from the site to protect the data it contains.


All the details are here: http://www.techrepublic.com/article/dell-certificates-vulnerability-how-to-protect-your-windows-systems/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531

Link to comment
Share on other sites

It appears that other than checking in this article if your Dell is one of the affected ones this is over.


Microsoft Removes Trust for eDellroot Certificates




"In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers.


In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed trust for the Dell-issued unconstrained digital certificates and has updated its Certificate Trust List (CTL)."


The company claims the move is preventative in nature, as it’s unaware of any attacks related to the certificates currently.
- See more at: https://threatpost.com/microsoft-removes-trust-for-edellroot-certificates/115515/#sthash.eyygYTVH.dpuf

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

This topic is now closed to further replies.
  • Create New...