Microsoft Removes Trust for eDellroot Certificates

In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers.

In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed trust for the Dell-issued unconstrained digital certificates and has updated its Certificate Trust List (CTL).

The company claims the move is preventative in nature, as it’s unaware of any attacks related to the certificates currently.

Word came last week, shortly before Thanksgiving, that several models of Dell computers were shipped with a preinstalled root certificate and the private key that corresponds to it. As is to be expected, many were concerned the certificates could be used to issue other certificates to spoof content, spoof domains, or carry out phishing or man-in-the-middle attacks.

The certificate, eDellroot, was found on Dell XPS 15 laptops, M4800 workstations, and Inspiron desktops and laptops. Two additional certs were also found on Dell machines last week but the risk associated with both was diminished as one was expired and another only existed on two dozen machines.

Dell said last week it planned to remove the eDellroot certificate from Dell systems moving forward. The company also provided removal instructions for those affected and pushed a software update to check for the cert and remove it.

Microsoft points out in its advisory that practically every version of Windows includes an automatically updated CTL, so most users won’t have to take any action to ensure they’re protected.
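
An added example (not from the article, Dell or Microsoft): a read-only PowerShell audit for the condition described above, a trusted root certificate whose private key is also present on the machine. The subject pattern `eDellRoot` is an assumption based on the name the article gives, and the script also reports whether each finding has a copy in the Disallowed certificate store.

```powershell
# Added example: audit the Windows trusted-root stores for CA certificates
# whose private key is stored on the same machine (the eDellroot condition).
# Assumption: the subject contains the name used in the article.
$namePattern = 'eDellRoot'   # -match is case-insensitive

$rootStores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$distrusted = 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'

# Thumbprints of certificates present in the Disallowed certificate stores.
$blocked = @{}
foreach ($path in $distrusted) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
        ForEach-Object { $blocked[$_.Thumbprint] = $true }
}

$findings = foreach ($path in $rootStores) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
        $nameHit = $_.Subject -match $namePattern
        # A trusted root normally ships without its private key. If the key is
        # on the machine, whoever extracts it can sign certificates this PC trusts.
        if ($_.HasPrivateKey -or $nameHit) {
            [pscustomobject]@{
                Store         = $path
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                HasPrivateKey = $_.HasPrivateKey
                NameMatch     = $nameHit
                InDisallowed  = $blocked.ContainsKey($_.Thumbprint)
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Store, Subject | Format-List
} else {
    'No trusted root with a local private key or a matching subject was found.'
}
```

Any row with `HasPrivateKey` set to `True` deserves review regardless of its name, since the same condition can come from other preinstalled software.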
