Follow us on Twitter
Follow us on FacebookMicrosoft kills dodgy security certificates
@ 2015/11/30Software giant Microsoft has killed off two dodgy security certificates being used on Dell bloatware.
Updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal tool, will remove the certificates.
Dell mistakenly included private encryption keys for two digital certificates installed in the Windows root store as part of service tools that made its technical support easier. The tools transmit back to Dell what product a customer is using.
However the private keys in both of the digital certificates could be used by attackers to sign malware, create spoof websites and conduct man-in-the-middle attacks to spy on user’s data.
Updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal tool, will remove the certificates.
Dell mistakenly included private encryption keys for two digital certificates installed in the Windows root store as part of service tools that made its technical support easier. The tools transmit back to Dell what product a customer is using.
However the private keys in both of the digital certificates could be used by attackers to sign malware, create spoof websites and conduct man-in-the-middle attacks to spy on user’s data.
