Microsoft has updated security tools to address Dell's digital certificates that can compromise personal data.
Dell included private encryption keys for two digital certificates that are installed in the Windows root store by error. The two digital certificates are named eDellRoot and DSDTestProvider. These can help hackers in compromising personal data of users.
Microsoft has given some technical details about the issue, symptoms and preventions on its website.
"Program:Win32/CompromisedCert.C is a Dell root certificate for which the private keys were leaked online," per Microsoft.
Dell PCs containing the certificate are vulnerable to attacks by hackers. Microsoft recommends that all PCs with the above certificate may be vulnerable to SSL/TLS spoofing attacks. With this vulnerability attackers sign binaries digitally so that the affected PC trusts the attacker.
This issue can result in dire consequences as the attacker can affect the browsing experience of the affected PC and can also take control of the PC.
Microsoft has now confirmed that it has updated its security tools to address the problem. The company claims that its free software can detect and remove the digital certificate from the certificate root store.
The security tools are Windows Defender for Windows 8.1 and Windows 10. Microsoft Security Essentials for Windows 7 and Windows Vista can also fix the issue.
Other security tools that can fix the problem are Microsoft Safety Scanner and Microsoft Windows Malicious Software Removal Tool. Microsoft recommends that owners of the affected PCs should run a complete scan to find any hidden malware.
Dell was also quick to address the problem and the company has also issued an update to fix the security flaw. In an official statement, Dell has also appreciated those who reported the issue to the company.
"Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately," per the Dell statement.
