Win32/CompromisedCert.D is now certifiably Dell-stroyed
Windows Defender comes to the rescue
With one fell swoop of a large Thor-shaped hammer, Microsoft has dealt the fatal blow to bad certificates which were pre-loaded onto Dell laptops.
Microsoft programmed its Windows Defender to root out the nefarious certificate for which the private keys were leaked online.
The compromised certificate reportedly affects versions of Windows 7 through 10 on certain Dell machines. An attacker could use it in phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media or email websites.
This could allow a malicious hacker to steal usernames, passwords, and confidential data by convincing users they had a secure connection to the internet when in fact it had been compromised.
This is where Windows Defender has come to the rescue: the free Microsoft software offering has the ability to detect and remove the vulnerable certificates from the certificate root store, as well as the affected binaries that might re-install the vulnerable certificate.
Dell customers curious about their exposure can visit a test site set up by system admin Hanno Böck.
In an email to SCMagazineUK.com, Patrick Hilt, CTO of MIRACL, commented: “This is a fairly 'elegant' solution for a nasty situation. Dell has posted instructions on how to remove the vulnerabilities. But many users won't do that because either they don't know about the issue, they don't care or they can't follow Dell's instructions.
“Not removing the vulnerability will put those users at risk. Using Windows Defender is a way of actively pushing the fix which will result in fewer users being affected by the vulnerabilities. Funnily enough, that labels Dell's own code as malicious! It would be interesting to know whether Dell approached Microsoft with this solution or whether Microsoft decided to do that on their own.”