Microsoft rides to Dell's rescue, wrecks rogue root certificate

Windows Defender lives up to its name by dealing death to Dell's dumb DLL

28 Reg comments Got Tips?

Microsoft has killed Dell's user-pwning root certificate and its self-reinstalling .dll with its antivirus Defender tool.

The certificate is a big blunder because it opens a universal means for attackers on public networks to hose new Dell laptops.

That's because bright minds planted a self-signed root CA certificate and private key on new laptops which allows attackers on public Wi-Fi to steal otherwise encrypted usernames, passwords, and other sensitive data.

"An attacker can exploit a certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites," Microsoft bod Karthik Selvaraj says.

"This could allow a malicious hacker to steal your usernames, passwords, and confidential data.

"They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website."

The free Windows Defender tool will kill the certificates and the associated Dell.Foundation.Agent.Plugins.eDell.dll plugin that will respawn the certificate.

Microsoft flags the Dell scourge as Win32/CompromisedCert.D. Windows 7 users can run Microsoft Security Essentials, or Redmond's Safety Scanner or Malicious Removal Tool.

Dell customers curious about their exposure can visit a test site setup by system admin Hanno Böck. ®


Biting the hand that feeds IT © 1998–2020