UPDATE: Second vulnerability reported
A day after Dell announced that some of its recently shipped laptops contain a security hole that could make it easy for hackers to access users' private data, another root certificiate was reported. To combat the situation, Microsoft updated some security tools to remove the two certificates.
The company did not say how many computers or which models are affected, but did say that eDellRoot, a certificate installed by Dell Foundation Services application on PCs, unintentionally introduced the vulnerability. Commercial customers who reimaged their systems without Dell Foundation Services are not affected. The certificate will be removed from all Dell systems moving forward. According to The A Register the certificate was found in XPS, Precision, and Inspiron laptops.
The certificate was intended to be support tool to accelerate and simplify the process for customers to service their systems. The software can be removed manually by consumers, said Dell and it posted instructions on how to do it. The company said it will push software to detect and remove the certificate starting today.
Two things are working against Dell. The timing presents a major challenge, coming so close to Black Friday and also at a time when companies are making purchasing decisions for the coming year. And raising customer concerns that the certificate could also be a way for the company to collect personal data. Dell said in its statement that it was not being used that way, still the question has been raised.