Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.
The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.
We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.
Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.
Since Monday, our teams have been working hard to address the security issue caused by the eDellRoot certificate. When we became aware of the issue, we immediately dug into all our applications that get pre-loaded on our PCs. We can confirm we have found no other root certificates on our factory installed PC images. What we did find was that the Dell System Detect application and its DSDTestProvider root certificate had similar characteristics to eDellRoot. Thank you again Hanno Böck for calling this to our attention, as well as topg who commented below.
In the case of Dell System Detect, our customer opts to download the software proactively to interact with our support website so we can provide a better and more personalized experience. Like eDellRoot, the certificate in question was designed to make it faster and easier for our customers to get support. Unlike eDellRoot, this certificate is not related to software that was pre-installed on our systems.
The impact from Dell System Detect is limited to customers who used the “detect product” functionality on our support site between October 20 and November 24, 2015. The application in question was removed from the support site on November 24 and a replacement application without the certificate is now available. We are proactively pushing a software update to address the issue for our consumer systems. Our commercial customers can either manually remove the certification or use their system management tools like SCCM to do so (we will be providing instructions on this shortly). If you choose the manual option, we have updated instructions on our site here to permanently remove this certificate. Note, these are updated instructions for removing both eDellRoot and DSDTestProvider from any folders where they may be stored. If you previously uninstalled eDellRoot, we recommend you go through the process again to ensure a thorough sweep.
WIRED has noted that “security is far easier to promise than it is to achieve.” We know that your trust is harder to win than it is to lose. Once we know we have addressed these issues and our customers have what they need to ensure their systems are safe, we will provide an account of how the issues were introduced – not only for your information, but so we can improve our processes.
In today’s world of ever-increasing cybersecurity threats, we all need to be vigilant. And that is the promise that we make – Dell will remain ever vigilant against security threats and we will respond with the utmost speed and accuracy when we become aware of issues that can impact our customers.
Today Microsoft released Security Advisory 3119884 that will place both the eDellRoot and DSDTestProvider certificates into the Windows Certified Trust List (CTL) as non-trusted certificates, so even if the certificates are installed, they cannot be used. CTL updates are automatically pushed to both consumer and commercial Windows PCs. Most systems with Internet access should pick up the update within the next 24 hours. For more information, see the Security Advisory. This security step is in addition to actions already taken by Dell, as outlined in this post early last week, and by partners like Microsoft and Intel who added the patch to their anti-virus, anti-malware tools on November 25 to ensure both certificates were no longer usable.
Jeff Clarke, our vice chairman and president of Client Solutions, came into the studio to tape a short message to our customers and the security community to underscore our commitment to your security, to getting these issues resolved, and to being forthcoming with information as we have it.
With this latest important step by Microsoft and the proactive security updates driven by Dell complete, we are now turning our full attention to understanding what happened and how to prevent it in the future. We will be sure to update you here when we have more information to share.