Windows Defender removes potentially dangerous Dell certificate

Days after security experts identified a self-signed root certificate that could allow attackers to gain access to some Dell PCs, Microsoft is using its built-in security software to neutralize the threat.
Written by Ed Bott, Senior Contributing Editor

Earlier this week, security experts discovered a pair of root certificates, installed by default on some Dell computers, that could allow an attacker to compromise the machines with ease.

The incident is reminiscent of a similar security blunder earlier in the year from Lenovo, which exposed its customers to a similar vulnerability by preinstalling the Superfish adware.

Dell's vulnerable certificates aren't part of a money-making scheme, as Lenovo's were, but instead were part of support tools.

And beginning today, they're being identified and automatically removed from PCs by the built-in Windows Defender security software included with all modern Windows versions.

I saw the cleanup routine in action this morning on a machine with the Dell System Detect software installed. A notification message led to this screen in Windows Defender:


Clicking the Show Details button led to this screen, which identified the potential threat as Win32/CompromisedCert.D. (The link at the bottom of the screen leads to a writeup at Microsoft's Malware Protection Center.)


I checked Certificate Manager before running the cleanup operation and confirmed that the vuilnerable DSDTestProvider certificate was installed. After the cleanup operation completed, it was gone.

The quick response should be a feather in the cap for Microsoft's Security Response group, Ironically, it won't be available for Dell owners whose PCs shipped with third-party antivirus software that's still installed and up to date.

Update: In the comments, several people have asked whether the root certificate will be reinstalled along with Dell System Detect. The answer is no, according tothis support article from Dell. I have confirmed via my own testing that the current release does not install this or any other certificate.

Editorial standards