
Critical - Dell systems running Windows: eDellRoot certificate compromise

posted Nov 30, 2015, 10:49 AM by Ken Gribble   [ updated Apr 25, 2016, 11:38 AM ]

Synopsis

The eDellRoot certificate installed on certain Dell laptops and PCs introduces a security vulnerability on those systems. The private keys for this Dell root certificate were leaked, which means attackers can use the certificate to modify your browsing experience and steal sensitive information.


Fix
Please ensure that Windows Defender (for Windows 10 and Windows 8.1) or Microsoft Security Essentials (for Windows 7) is running and up to date. Both packages are free. If either package is running and up to date, it has probably already removed the vulnerable certificate.
Alternatively you can manually remove this certificate.
Contact support@cs.ucdavis.edu if you have a Dell PC running Windows and cannot do either of the steps above; the help desk can assist you in installing and updating the correct software.
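
One way to do the manual check from an elevated PowerShell prompt, added here as an example and not part of the original advisory. It matches on the subject name eDellRoot (an assumption, since the advisory lists no thumbprint), and the parameter names are this example's own.

```powershell
# Added example: report (and optionally remove) certificates in the local
# machine stores whose subject names eDellRoot.
# Assumption: matching on subject name; the advisory gives no thumbprint.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SubjectPattern = 'eDellRoot',  # certificate name from the advisory
    [switch]$Remove                         # delete matches instead of only reporting
)

# Walk every machine-wide store (Root, CA, My, ...) and keep only certificate
# objects; the recursion also returns the store containers themselves.
$found = Get-ChildItem -Path Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Subject -like "*$SubjectPattern*"
    } |
    ForEach-Object {
        [pscustomobject]@{
            Store         = Split-Path -Path $_.PSParentPath -Leaf
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey  # true if the key is stored on this PC
            Path          = $_.PSPath
        }
    }

if (-not $found) {
    Write-Output "No certificate matching '$SubjectPattern' found in the local machine stores."
    return
}

# Show what was found so the thumbprint can be recorded before any removal.
$found | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # ShouldProcess honours -WhatIf and -Confirm; removal needs an elevated prompt.
        if ($PSCmdlet.ShouldProcess("$($cert.Subject) [$($cert.Store)]", 'Remove certificate')) {
            Remove-Item -Path $cert.Path
        }
    }
}
```

Saved as a script, it only reports when run without switches; adding `-Remove -WhatIf` previews the deletion before running `-Remove` for real.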

Details

Win32/CompromisedCert.C is a Dell root certificate for which the private keys were leaked online.

The certificate can be found on Dell PCs running these operating systems: Windows 10, Windows 8.1, Windows 8, Windows 7.

If your Dell PC contains this certificate, it is most likely vulnerable to this threat. A PC with this certificate could be vulnerable to SSL/TLS spoofing attacks, and an attacker could digitally sign binaries so that they are trusted by the affected PC. An attacker could gain control over your PC and browsing experience. An attacker can exploit the certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites. This could allow a malicious hacker to steal your account names, passwords, and confidential data. They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website.
