U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Dell Computers Contain CA Root Certificate Vulnerability

Original release date: November 24, 2015 | Last revised: November 27, 2015

Dell personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic (HTTPS), impersonate (spoof) any website, or perform other attacks on the affected system.

The eDellRoot certificate originated from an update to the Dell Foundation Services (DFS) application on August 18, 2015. As of November 23, that update is no longer being provided. The certificate was also preinstalled on some systems November 20–23, 2015. Dell is pushing a DFS software update to remove the vulnerable certificate from affected systems.

US-CERT encourages users and administrators to review Vulnerability Note VU#870761 and Dell's blog post for more information and guidance on removing the certificate.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top