CERT mailing list archives

Dell Computers Contain CA Root Certificate Vulnerability

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 27 Nov 2015 16:16:29 -0600

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

Dell Computers Contain CA Root Certificate Vulnerability [ 
https://www.us-cert.gov/ncas/current-activity/2015/11/24/Dell-Computers-Contain-CA-Root-Certificate-Vulnerability ] 
11/24/2015 06:56 PM EST 
Original release date: November 24, 2015 | Last revised: November 27, 2015

Dell personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a 
critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser 
traffic (HTTPS), impersonate (spoof) any website, or perform other attacks on the affected system.

The eDellRoot certificate originated from an update to the Dell Foundation Services (DFS) application on August 18, 
2015. As of November 23, that update is no longer being provided. The certificate was also preinstalled on some systems 
November 20–23, 2015. Dell is pushing a DFS software update to remove the vulnerable certificate from affected systems.

US-CERT encourages users and administrators to review Vulnerability Note VU#870761 [ 
http://www.kb.cert.org/vuls/id/870761 ] and Dell's blog post [ 
http://www.dell.com/support/article/us/en/04/SLN300321?c=us&l=en&s=bsd&cs=04 ] for more information and guidance on 
removing the certificate.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]

Current thread:

Dell Computers Contain CA Root Certificate Vulnerability US-CERT (Nov 24)
- <Possible follow-ups>
- Dell Computers Contain CA Root Certificate Vulnerability US-CERT (Nov 27)