Older Dell devices also affected by dangerous eDellRoot certificate

The problematic Dell Foundation Services tool might have updated itself on systems bought before August

Users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.

The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.

After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.

That's not true. Older devices that had Dell Foundation Services (DFS) installed might also have the certificate, if the tool was configured to receive automatic updates. A Dell Venue Pro 11 convertible Windows tablet in PCWorld's possession that was bought in April was affected.

"For those customers who already had Dell Foundation Services and opted in to updates, the eDellRoot certificate was part of versions 2.2/2.3 issued starting in August," a Dell representative confirmed Wednesday via email.

"When you install DFS, it asks if you want to receive automatic updates," the representative said. "Our customers who choose 'yes' receive the automatic updates."

However, since DFS comes preloaded on many systems it's unclear at which point the user has to opt in to automatic updates. According to the tool's release notes, it is compatible with devices from various product lines, including XPS, OptiPlex, Inspiron, Precision, Precision Tower, Vostro, Latitude and Venue Pro.

A second Dell self-signed root certificate called DSDTestProvider has also been found. This certificate was deployed on computers by the Dell System Detect (DSD) tool that users are prompted to install when they visit the Dell support website and click the "Detect Product" button.

This tool is not preloaded on computers and only users who visited the Dell support website between Oct. 20 and Nov. 24 were potentially prompted to download a DSD version that included the certificate. Even if users had this application installed on their computers from previous visits to the Dell support website, DSD does not update itself automatically without the user visiting the website again and agreeing to install the latest version, according to the Dell representative.

Dell has provided a removal tool and published manual removal instructions for both the eDellRoot and DSDTestProvider. Users can check if they have these certificates on their systems by pressing the Windows key + r, typing certlm.msc and hitting Run. After allowing the Microsoft Management Console to execute, they can look for them in the Trusted Root Certification Authorities > Certificates list.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags desktop PCDellPCsecurityComponentstabletslaptopseRoot certification

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?