1.    24 Nov 2015 #1
    Join Date : Oct 2013
    Posts : 25,711
    64-bit Windows 10 Pro build 17046

    Dell acknowledges security hole in new laptops

    Major U.S. computer company Dell Inc [DI.UL] said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data.

    A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.

    The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell said in a statement to Reuters. “Unfortunately, the certificate introduced an unintended security vulnerability.

    Read more: Dell acknowledges security hole in new laptops

    Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.

    The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

    We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.

    Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.

    Source: Response to Concerns Regarding eDellroot Certificate
      My ComputersSystem Spec
  2.    24 Nov 2015 #2
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 17,379
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
      My ComputerSystem Spec
  3.    24 Nov 2015 #3
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 17,379
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    The fallout from a serious security mistake made by Dell is widening, as security experts find more issues of concern.

    Researchers with Duo Security have found a second weak digital certificate in a new Dell laptop and evidence of another problematic one circulating.

    The issue started after it was discovered Dell shipped devices with a self-signed root digital certificate, eDellRoot, which is used to encrypt data traffic. But it installed the root certificate with the private encryption key included, a critical error that left many security experts aghast.
    Dell acknowledges security hole in new laptops - Windows 10 Forums
      My ComputerSystem Spec
  4.    24 Nov 2015 #4
    Join Date : Jan 2015
    Posts : 17
    Windows 10 Pro

    It was on my Precision M3800 that I got about 3 weeks ago. I havent gotten around to wiping and doing a clean install on it yet, but was simple and easy enough to remove for now.
      My ComputerSystem Spec
  5.    27 Nov 2015 #5
    Join Date : Jul 2015
    Posts : 1,563
    Windows 10 Pro x64 RS 10586.586

    Windows Defender updates definitions to remove eDellRoot

    Click image for larger version. 

Name:	Windows-Defender-400x280.jpg 
Views:	15 
Size:	23.9 KB 
ID:	50712

    Microsoft has come to the rescue act once again as the company updates Windows Defender to periodically search and remove eDellRoot from the user’s PC’s. Dell has already been exposed with the potential threats that its self-signed root kit ( dubbed as eDellRoot ) could bring to Dell PC owners. The private key could expose users to attackers who can easily intercept HTTPs communication between the server and user’s PC loaded with eDellRoot. All this would mean that attackers could easily decrypt, modify or spoof HTTPS websites, including banking or social media, getting access to users’ private data.
    Read more: http://news.thewindowsclub.com/windo...ellroot-80997/

    Malware Protection Center: http://www.microsoft.com/security/po...rprise=0#tab=2
      My ComputerSystem Spec


Similar Threads
Thread Forum
Dell admits installing security hole on laptops, apologizes,offers fix
Dell admits installing security hole on laptops, apologizes, offers fix | Network World Dell acknowledges security hole in new laptops http://www.reuters.com/article/2015/11/23/us-usa-cybersecurity-dell-idUSKBN0TC2L120151123
AntiVirus, Firewalls and System Security
What's the difference between these two Dell laptops (after upgrade)?
Laptop 1: Inspiron 15 non-touch $549.99 Intel® Pentium® Processor N3700 128GB Solid State Drive 4GB Single Channel DDR3L 1600MHz (4GBx1) yadda yadda Laptop 2: Inpiron 15 non-touch $449.99 ($399+$50 for CPU) Intel® Pentium® Processor N3700...
General Support
UAC reverting on Dell laptops fresh install of Win10
I have a dell laptop that I'm attempting to change the UAC settings on. I have logged in as both a machine admin and a domain admin, changed the setting for UAC to notify me only when programs try to make changes to my computer. Then did a reboot....
AntiVirus, Firewalls and System Security
Upgrade advice for two Dell Vostro Laptops, 1720 and 3550
I have two older Dell Vostro laptops: Vostro 1720 Windows 7 Home Premium x64 Vostro 3550 Windows 7 Home Premium x64 For each one, when I go to the Dell product support site and enter the service tag, I get the following warning. I suspect that...
Drivers and Hardware
FREAK: Another day, another serious SSL security hole
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 12:21.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App

Windows 10 Forums