/>
X
Innovation

Windows Defender removes potentially dangerous Dell certificate

Days after security experts identified a self-signed root certificate that could allow attackers to gain access to some Dell PCs, Microsoft is using its built-in security software to neutralize the threat.
ed-bott
Written by Ed Bott, Senior Contributing Editor on

Earlier this week, security experts discovered a pair of root certificates, installed by default on some Dell computers, that could allow an attacker to compromise the machines with ease.

The incident is reminiscent of a similar security blunder earlier in the year from Lenovo, which exposed its customers to a similar vulnerability by preinstalling the Superfish adware.

Dell's vulnerable certificates aren't part of a money-making scheme, as Lenovo's were, but instead were part of support tools.

And beginning today, they're being identified and automatically removed from PCs by the built-in Windows Defender security software included with all modern Windows versions.

I saw the cleanup routine in action this morning on a machine with the Dell System Detect software installed. A notification message led to this screen in Windows Defender:

windows-defender-dell-cert-removal-1.png

Clicking the Show Details button led to this screen, which identified the potential threat as Win32/CompromisedCert.D. (The link at the bottom of the screen leads to a writeup at Microsoft's Malware Protection Center.)

windows-defender-dell-cert-removal-2.png

I checked Certificate Manager before running the cleanup operation and confirmed that the vuilnerable DSDTestProvider certificate was installed. After the cleanup operation completed, it was gone.

The quick response should be a feather in the cap for Microsoft's Security Response group, Ironically, it won't be available for Dell owners whose PCs shipped with third-party antivirus software that's still installed and up to date.

Update: In the comments, several people have asked whether the root certificate will be reinstalled along with Dell System Detect. The answer is no, according tothis support article from Dell. I have confirmed via my own testing that the current release does not install this or any other certificate.

Editorial standards

Related

How to use your phone to diagnose your car's 'check engine' light
BlueDriver Bluetooth dongle

How to use your phone to diagnose your car's 'check engine' light

Don't let Janet Jackson's 'Rhythm Nation' crash your old laptop
the-old-hard-disk-drive-is-disintegrating-in-space.jpg

Don't let Janet Jackson's 'Rhythm Nation' crash your old laptop

Elon Musk drops details about Tesla's humanoid robot
tesla-humanoid

Elon Musk drops details about Tesla's humanoid robot