The Channel logo


By | Darren Pauli 26th November 2015 22:46

Microsoft rides to Dell's rescue, wrecks rogue root certificate

Windows Defender lives up to its name by dealing death to Dell's dumb DLL

Microsoft has killed Dell's user-pwning root certificate and its self-reinstalling .dll with its antivirus Defender tool.

The certificate is a big blunder because it opens a universal means for attackers on public networks to hose new Dell laptops.

That's because bright minds planted a self-signed root CA certificate and private key on new laptops which allows attackers on public Wi-Fi to steal otherwise encrypted usernames, passwords, and other sensitive data.

"An attacker can exploit a certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites," Microsoft bod Karthik Selvaraj says.

"This could allow a malicious hacker to steal your usernames, passwords, and confidential data.

"They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website."

The free Windows Defender tool will kill the certificates and the associated Dell.Foundation.Agent.Plugins.eDell.dll plugin that will respawn the certificate.

Microsoft flags the Dell scourge as Win32/CompromisedCert.D. Windows 7 users can run Microsoft Security Essentials, or Redmond's Safety Scanner or Malicious Removal Tool.

Dell customers curious about their exposure can visit a test site setup by system admin Hanno Böck. ®

comment icon Read 29 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe