Windows Defender removes potentially dangerous Dell certificate
![ed-bott](https://www.zdnet.com/a/img/resize/53ea6d95ba2f62d612a514d19551a13b56941f68/2022/08/05/e98b0a76-a96a-4fbb-be02-00807405874e/ed-bott.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
Earlier this week, security experts discovered a pair of root certificates, installed by default on some Dell computers, that could allow an attacker to compromise the machines with ease.
The incident is reminiscent of a similar security blunder earlier in the year from Lenovo, which exposed its customers to a similar vulnerability by preinstalling the Superfish adware.
Dell's vulnerable certificates aren't part of a money-making scheme, as Lenovo's were, but instead were part of support tools.
And beginning today, they're being identified and automatically removed from PCs by the built-in Windows Defender security software included with all modern Windows versions.
I saw the cleanup routine in action this morning on a machine with the Dell System Detect software installed. A notification message led to this screen in Windows Defender:
![windows-defender-dell-cert-removal-1.png](https://www.zdnet.com/a/img/resize/6159139e58c22c2f3637abc1246266f8b7be59a8/2015/11/26/684acd98-4bd4-426f-bbf9-b10ae40d4478/windows-defender-dell-cert-removal-1.png?auto=webp&width=1280)
Clicking the Show Details button led to this screen, which identified the potential threat as Win32/CompromisedCert.D. (The link at the bottom of the screen leads to a writeup at Microsoft's Malware Protection Center.)
I checked Certificate Manager before running the cleanup operation and confirmed that the vulnerable DSDTestProvider certificate was installed. After the cleanup operation completed, it was gone.
The quick response should be a feather in the cap for Microsoft's Security Response group. Ironically, it won't be available for Dell owners whose PCs shipped with third-party antivirus software that's still installed and up to date.
Update: In the comments, several people have asked whether the root certificate will be reinstalled along with Dell System Detect. The answer is no, according to this support article from Dell. I have confirmed via my own testing that the current release does not install this or any other certificate.
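The Certificate Manager check described above, and the re-check after reinstalling Dell System Detect, can also be done from PowerShell. This is an added example, not part of the original article or any Dell or Microsoft tooling; it is read-only, and the only name it searches for by default is the DSDTestProvider certificate named in the article (the `$Names` parameter is an assumption that lets you add others).

```powershell
# Added example: read-only audit of the Windows certificate stores.
# Nothing is deleted or modified.
param(
    # Name fragments to search for. DSDTestProvider is the certificate
    # named in the article; add further names as needed.
    [string[]]$Names = @('DSDTestProvider')
)

# Build one regex from the (escaped) names.
$pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Walk every store under CurrentUser and LocalMachine, keep only
# certificate objects, and match on Subject (the certificate itself)
# or Issuer (anything that chains to it).
$hits = Get-ChildItem -Path Cert:\ -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
    Select-Object @{ n = 'Store'; e = { $_.PSParentPath -replace '^.*::', '' } },
                  Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey

if ($hits) {
    # HasPrivateKey = True means the signing key is present on this machine.
    $hits | Format-List
    Write-Warning "$(@($hits).Count) matching certificate(s) found."
} else {
    Write-Output "No certificate matching '$($Names -join ', ')' found in any store."
}
```

Run it before and after the Windows Defender cleanup, and again after reinstalling the support software, to confirm the certificate is absent from every store rather than only the one shown in Certificate Manager.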