Windows 10: Dell acknowledges security hole in new laptops

  1. Brink's Avatar
    Posts : 33,076
    64-bit Windows 10 Pro build 18262
       24 Nov 2015 #1

    Dell acknowledges security hole in new laptops

    Major U.S. computer company Dell Inc [DI.UL] said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data.

    A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.

    The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.

    Read more: Dell acknowledges security hole in new laptops

    Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.

    The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

    We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.

    Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.

    Source: Response to Concerns Regarding eDellroot Certificate
      My ComputersSystem Spec

  2. Borg 386's Avatar
    Posts : 21,579
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       24 Nov 2015 #1
      My ComputerSystem Spec

  3. Borg 386's Avatar
    Posts : 21,579
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       24 Nov 2015 #2

    The fallout from a serious security mistake made by Dell is widening, as security experts find more issues of concern.

    Researchers with Duo Security have found a second weak digital certificate in a new Dell laptop and evidence of another problematic one circulating.

    The issue started after it was discovered Dell shipped devices with a self-signed root digital certificate, eDellRoot, which is used to encrypt data traffic. But it installed the root certificate with the private encryption key included, a critical error that left many security experts aghast.
    Dell acknowledges security hole in new laptops - Windows 10 Forums
      My ComputerSystem Spec

  4.    24 Nov 2015 #3

    It was on my Precision M3800 that I got about 3 weeks ago. I havent gotten around to wiping and doing a clean install on it yet, but was simple and easy enough to remove for now.
      My ComputerSystem Spec

  5. Cluster Head's Avatar
    Posts : 1,563
    Windows 10 Pro x64 RS 10586.586
       27 Nov 2015 #4

    Windows Defender updates definitions to remove eDellRoot

    Click image for larger version. 

Name:	Windows-Defender-400x280.jpg 
Views:	15 
Size:	23.9 KB 
ID:	50712

    Microsoft has come to the rescue act once again as the company updates Windows Defender to periodically search and remove eDellRoot from the user’s PC’s. Dell has already been exposed with the potential threats that its self-signed root kit ( dubbed as eDellRoot ) could bring to Dell PC owners. The private key could expose users to attackers who can easily intercept HTTPs communication between the server and user’s PC loaded with eDellRoot. All this would mean that attackers could easily decrypt, modify or spoof HTTPS websites, including banking or social media, getting access to users’ private data.
    Read more:

    Malware Protection Center:
      My ComputerSystem Spec


Related Threads
Dell admits installing security hole on laptops, apologizes, offers fix | Network World Dell acknowledges security hole in new laptops
Laptop 1: Inspiron 15 non-touch $549.99 Intel® Pentium® Processor N3700 128GB Solid State Drive 4GB Single Channel DDR3L 1600MHz (4GBx1) yadda yadda Laptop 2: Inpiron 15 non-touch $449.99 ($399+$50 for CPU) Intel® Pentium® Processor N3700...
UAC reverting on Dell laptops fresh install of Win10 in AntiVirus, Firewalls and System Security
I have a dell laptop that I'm attempting to change the UAC settings on. I have logged in as both a machine admin and a domain admin, changed the setting for UAC to notify me only when programs try to make changes to my computer. Then did a reboot....
I have two older Dell Vostro laptops: Vostro 1720 Windows 7 Home Premium x64 Vostro 3550 Windows 7 Home Premium x64 For each one, when I go to the Dell product support site and enter the service tag, I get the following warning. I suspect that...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 15:46.
Find Us