Scroll Top

Microsoft Zaps Dell’s dodgy certificates


Microsoft has updated several of its security tools to remove two digital certificates installed on new Dell computers that could compromise data.

The updates apply to Windows Defender for Windows 10 and 8.1. Microsoft Security Essentials for Windows 7 and Vista and its Safety Scanner and Malicious Software Removal tool.

Dell mistakenly included private encryption keys for two digital certificates installed in the Windows root store as part of service tools that made its technical support easier. The tools transmit back to Dell what product a customer is using. Certificates are named eDellRoot and the other DSDTestProvider.

Security experts were alarmed by the mistake. The private keys in both of the digital certificates could be used by attackers to sign malware, create spoof websites and conduct man-in-the-middle attacks to spy on user’s data.

Microsoft’s tool may help those who for one reason or another haven’t either downloaded or received the updates from Dell.

Originally posted on IT World