CERT mailing list archives
Dell Computers Contain CA Root Certificate Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 27 Nov 2015 16:16:29 -0600
U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Dell Computers Contain CA Root Certificate Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2015/11/24/Dell-Computers-Contain-CA-Root-Certificate-Vulnerability ] 11/24/2015 06:56 PM EST Original release date: November 24, 2015 | Last revised: November 27, 2015 Dell personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic (HTTPS), impersonate (spoof) any website, or perform other attacks on the affected system. The eDellRoot certificate originated from an update to the Dell Foundation Services (DFS) application on August 18, 2015. As of November 23, that update is no longer being provided. The certificate was also preinstalled on some systems November 20–23, 2015. Dell is pushing a DFS software update to remove the vulnerable certificate from affected systems. US-CERT encourages users and administrators to review Vulnerability Note VU#870761 [ http://www.kb.cert.org/vuls/id/870761 ] and Dell's blog post [ http://www.dell.com/support/article/us/en/04/SLN300321?c=us&l=en&s=bsd&cs=04 ] for more information and guidance on removing the certificate. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Dell Computers Contain CA Root Certificate Vulnerability US-CERT (Nov 24)
- <Possible follow-ups>
- Dell Computers Contain CA Root Certificate Vulnerability US-CERT (Nov 27)