Microsoft Makes Windows Defender Remove Nasty Dell Root Certificates DLL

Exterminator

Microsoft saves whatever's left of Dell's reputation
Microsoft, everybody's favorite target when it comes to ridicule, has saved whatever was left of Dell's reputation by making Windows Defender periodically search and remove leftover DLLs that were respawning root certificates on Dell's laptops.

If you've been away from your computer this week, here's a quick summary of the entire Dell root certificates debacle.

eDellRoot, the first root certificate
Over the weekend, a Reddit user discovered that some Dell models were shipped out with a root certificate, accompanied by a private key. This root certificate was called eDellRoot and allowed attackers to extract it and then execute Man-in-the-Middle attacks, intercepting secure HTTPS communications between the affected models and HTTPS-enabled servers.

The company acknowledged the issue and said it would stop doing it, taking a serious blow to its reputation. This was because the company did the very same thing that Lenovo had done in February, when it got skewered by the press and dragged through courts.

DSDTestProvider, the second root certificate
While it all appeared to pass, only days later, a second root certificate was discovered. As with eDellRoot, this second one, known as DSDTestProvider, was also a root certificate, came with its private key, and was also found in one of Dell's support tools.

Things took a turn for the worse when security researchers discovered that both of these certificates were periodically respawned by a DLL included on affected laptops.

Because of this behavior, some antivirus companies started marking both the certificates and their DLLs as malware. Microsoft was one of them, identifying them as Win32/CompromisedCert.D.

To help Dell users affected by this issue, the Redmond company has now announced updates to its security products that will automatically remove the root certificates and the DLL that respawns them from all infected systems.

Microsoft has updated the following tools to handle Dell's problems:

● Windows Defender (Windows 10 and Windows 8.1)

● Microsoft Security Essentials (Windows 7 and Windows Vista)

● Microsoft Safety Scanner

● Microsoft Windows Malicious Software Removal Tool
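
A local check for the two certificates named in the article, as an added example that is not part of the original post or of Microsoft's or Dell's tooling. It matches on the names eDellRoot and DSDTestProvider only, because the article gives no thumbprints; the function name `Find-NamedRootCert` is hypothetical.

```powershell
# Added example: look for the two certificate names from the article in the
# Windows trusted-root stores. Matching is by name only (the article gives no
# thumbprints), so treat a hit as a lead to verify, not as proof.
$names  = 'eDellRoot', 'DSDTestProvider'
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Find-NamedRootCert {
    param([string[]]$Names, [string[]]$Stores)
    foreach ($store in $Stores) {
        foreach ($cert in Get-ChildItem -Path $store -ErrorAction SilentlyContinue) {
            foreach ($name in $Names) {
                # A root certificate is self-issued, so check subject and issuer.
                if ($cert.Subject -like "*$name*" -or $cert.Issuer -like "*$name*") {
                    [pscustomobject]@{
                        Store         = $store
                        Name          = $name
                        Subject       = $cert.Subject
                        Thumbprint    = $cert.Thumbprint
                        NotAfter      = $cert.NotAfter
                        # True means the private key is present in this store entry.
                        HasPrivateKey = $cert.HasPrivateKey
                    }
                }
            }
        }
    }
}

$hits = @(Find-NamedRootCert -Names $names -Stores $stores)
if ($hits.Count -eq 0) {
    Write-Output 'No eDellRoot or DSDTestProvider certificate found in the trusted-root stores.'
} else {
    $hits | Format-Table -AutoSize
    Write-Output 'Run this check again later: the article says a DLL periodically re-installs these certificates.'
}
```

A clean result right after removal is not conclusive on its own, since the article describes the certificates being respawned; repeating the check over time is what shows whether the respawning DLL is gone.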
 
A little bit off-topic, but your avatar is giving me nightmares :eek:
I can take off the festive hat and take another selfie if that would be better.

Poor Dell, they have a huge Black Friday sale going on with some nice prices on i7 higher-end desktops and laptops, plus a nice i7 water-cooled Alienware desktop. I would imagine this will hurt business, but since Dell has acknowledged this it would be hard for me to purchase one.
 
If you have a Dell computer and want to know if you're vulnerable or not, check out this site to test.

Test for eDellRoot certificate

Thanks for the details. It's showing I am safe :D

Good move at all, Microsoft is really doing very well on those latest trend issues; just a matter of delivery time to detect on how fast it reacts.

Zero day or not, expect it can compete against other third parties. So again a good move.