Dell has announced a critical security vulnerability in the preinstalled certificate authority (CA) root certificate (eDellRoot) that affects newer Dell laptops and desktops. An attacker who successfully exploited the vulnerability could read encrypted Web browser traffic, impersonate Web sites, or perform other attacks on the affected system. Dell recommends that affected users permanently remove the certificate from their computers.
In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers a free version of Malwarebytes for individuals and departments. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
- Instructions for removing eDellRoot Certificate >
- Vulnerability details from US-CERT >
- Dell blog entry regarding eDellRoot certificate >
Please contact the Technology Help Desk at 412-624-HELP  if you have any questions regarding this announcement.