Microsoft revokes trust in Dell's dangerous root certificate

The company said most Windows PCs are "automatically protected."

dellkm.jpg
(Image: file photo)

Windows PCs will no longer trust Dell's self-signed root certificate, amid concerns it can be used to conduct man-in-the-middle attacks on millions of computers.

Microsoft said in a security bulletin that it updated its certificate list to revoke its trusted status.

It's the second strike the software and services giant has taken against the certificate, days after it updated Windows Defender -- installed on all modern Windows machines -- to remove the vulnerability.

Dell installed the "eDellRoot" certificate on support tools it bundles with its PCs, but security experts warned the certificate can be used to impersonate Dell, allowing hackers to launch attacks against vulnerable machines.

Dell itself "proactively" pushed out new software sans certificate in an automatic update.

The incident happened just a few months after a similar security blunder embroiled PC maker Lenovo, which exposed millions of users.

Microsoft said it was not aware of any attacks related to the certificate.