it.ucsf.edu

Security Update:Dell released removal instructions for the eDellRoot certificate vulnerability

Status Type

Security Update

Date and Time

Wednesday, December 2, 2015 - 14:30

Reason

Security Update

Impact

All Dell systems 

WHAT HAPPENED?

Dell has released a removal tool for the eDellRoot certificate which affects Dell PC's.

Advanced Users: For a complete description of the vulnerability http://www.dell.com/support/article/us/en/19/SLN300321

AFFECTED SYSTEMS:

  • Dell PC’s

WHAT'S THE PROBLEM?

An attacker can generate certificates signed by the eDellRoot CA. Systems that trusts the eDellRoot CA will trust any certificate issued by the CA. An attacker can impersonate web sites and other services, sign software and email messages, and decrypt network traffic and other data. Common attack scenarios include impersonating a web site, performing a MiTM attack to decrypt HTTPS traffic, and installing malicious software.

HOW DO I PROTECT MY COMPUTER?

Remove the eDellRoot certificate

  1. If your Dell PC was imaged by ITFS or your system is support by ITFS, no action on your part is required.
  2. If you do not have IT support or they do not support your computer, refer to the removal instruction on the Dell website at http://www.dell.com/support/article/us/en/19/SLN300321

RELATED LINKS

QUESTIONS? NEED HELP?

  1. The UCSF IT Service Desk is available by:

       2. Parnassus: Visit Kalmanovitz Library, Room 240 during library hours.

         

Subscription to this UCSF Listserv list is based on affiliation, appointment, employment or registration at UCSF. Membership is updated every 24-hours. Individuals cannot be manually removed.