Response to Concerns Regarding eDellRoot Certificate

Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.

The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.

Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.

*****UPDATE 11/25/2015*****

Since Monday, our teams have been working hard to address the security issue caused by the eDellRoot certificate. When we became aware of the issue, we immediately dug into all our applications that get pre-loaded on our PCs. We can confirm we have found no other root certificates on our factory installed PC images. What we did find was that the Dell System Detect application and its DSDTestProvider root certificate had similar characteristics to eDellRoot. Thank you again Hanno Böck for calling this to our attention, as well as topg who commented below.

In the case of Dell System Detect, our customer opts to download the software proactively to interact with our support website so we can provide a better and more personalized experience. Like eDellRoot, the certificate in question was designed to make it faster and easier for our customers to get support. Unlike eDellRoot, this certificate is not related to software that was pre-installed on our systems.

The impact from Dell System Detect is limited to customers who used the “detect product” functionality on our support site between October 20 and November 24, 2015. The application in question was removed from the support site on November 24 and a replacement application without the certificate is now available. We are proactively pushing a software update to address the issue for our consumer systems. Our commercial customers can either manually remove the certificate or use their system management tools like SCCM to do so (we will be providing instructions on this shortly). If you choose the manual option, we have updated instructions on our site here to permanently remove this certificate. Note, these are updated instructions for removing both eDellRoot and DSDTestProvider from any folders where they may be stored. If you previously uninstalled eDellRoot, we recommend you go through the process again to ensure a thorough sweep.
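One read-only way to check a machine for the sweep described above, as an added example that is not Dell's removal tool or its published instructions: it walks every Windows certificate store and reports where a certificate named eDellRoot or DSDTestProvider is still present. The output column names and the exit-code convention are this example's own assumptions.

```powershell
# Added example (not Dell's tooling): read-only audit, nothing is deleted.
# Run as a script file, elevated, so LocalMachine stores are fully visible.
$names = 'eDellRoot', 'DSDTestProvider'   # the two certificate names from this post

$hits = Get-ChildItem -Path Cert:\ -Recurse |
    # The Cert: drive also returns store and location objects; keep certificates only.
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        $cert = $_
        # Subject simple name (normally the CN); -contains is case-insensitive.
        $cn = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        if ($names -contains $cn) {
            [pscustomobject]@{
                Name       = $cn
                Store      = ($cert.PSParentPath -split '::')[-1]   # e.g. LocalMachine\Root
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                # A copy in a Disallowed store is explicitly distrusted, not trusted.
                Distrusted = ($cert.PSParentPath -like '*\Disallowed')
            }
        }
    }

$hits | Sort-Object Store, Name | Format-Table -AutoSize

# Copies outside a Disallowed store still need removal.
$remaining = @($hits | Where-Object { -not $_.Distrusted })
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) copy/copies found outside the Disallowed stores."
    exit 1   # non-zero so a management tool can flag the machine
}
exit 0
```

The script only covers stores visible to the account it runs under, so each user profile on a shared machine has its own CurrentUser stores to check.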

WIRED has noted that “security is far easier to promise than it is to achieve.” We know that your trust is harder to win than it is to lose. Once we know we have addressed these issues and our customers have what they need to ensure their systems are safe, we will provide an account of how the issues were introduced – not only for your information, but so we can improve our processes.

In today’s world of ever-increasing cybersecurity threats, we all need to be vigilant. And that is the promise that we make – Dell will remain ever vigilant against security threats and we will respond with the utmost speed and accuracy when we become aware of issues that can impact our customers.

*****UPDATE 11/30/2015*****

Today Microsoft released Security Advisory 3119884 that will place both the eDellRoot and DSDTestProvider certificates into the Windows Certificate Trust List (CTL) as non-trusted certificates, so even if the certificates are installed, they cannot be used. CTL updates are automatically pushed to both consumer and commercial Windows PCs. Most systems with Internet access should pick up the update within the next 24 hours. For more information, see the Security Advisory. This security step is in addition to actions already taken by Dell, as outlined in this post early last week, and by partners like Microsoft and Intel who added the patch to their anti-virus and anti-malware tools on November 25 to ensure both certificates were no longer usable.

Jeff Clarke, our vice chairman and president of Client Solutions, came into the studio to tape a short message to our customers and the security community to underscore our commitment to your security, to getting these issues resolved, and to being forthcoming with information as we have it.

With this latest important step by Microsoft and the proactive security updates driven by Dell complete, we are now turning our full attention to understanding what happened and how to prevent it in the future. We will be sure to update you here when we have more information to share.

About the Author: Laura Pevehouse

Laura Pevehouse was profiled as one of five “social media mavens” in the March 2009 issue of Austin Woman Magazine and named an AdWeek’s TweetFreak Five to Follow. She has been part of the Dell organization for more than 15 years in various corporate communications, employee communications, public relations, community affairs, marketing, branding, social media and online communication roles. From 2014-2018, Laura was Chief Blogger/Editor-in-Chief for Direct2DellEMC and Direct2Dell, Dell’s official corporate blog that she helped launch in 2007. She is now a member of the Dell Technologies Chairman Communications team. Earlier in her Dell career she focused on Global Commercial Channels and US Small and Medium Business public relations as part of the Global Communications team. Prior to that, she was responsible for global strategy in social media and community management, as well as marcom landing pages, as a member of Dell’s Global SMB Marketing, Brand and Creative team. When she was part of Dell’s Global Online group, Laura provided internal consulting that integrated online and social media opportunities with a focus on Corporate Communications and Investor Relations. She managed the home page of Dell.com, one of the top 500 global web sites in Alexa traffic rank, and first brought web feeds and podcasts to the ecommerce site. In her spare time she led Dell into the metaverse with the creation of Dell Island in the virtual world Second Life. Laura has earned the designation of Accredited Business Communicator from the International Association of Business Communicators, and received her Bachelor of Arts in Journalism from Louisiana State University. Before joining Dell Financial Services in 2000, she worked at the Texas Workforce Commission and PepsiCo Food Systems Worldwide.