How to Patch Dell's Dangerous Certificate Flaw

  • MORE

As we reported yesterday (Nov. 23), Dell is selling computers with at least one dangerous security flaw that makes it easy for hackers to access your system. We have found two such vulnerabilities in a Dell XPS 13; other reports indicate that XPS 15 and Inspiron 5000 notebooks are also at risk; and the problem may affect up to 36 Dell laptops and desktops. Last night, Dell admitted it made a mistake and offered a solution to patch the more commonplace flaw.

dell xps 13 w g01 copy

The affected Dell machines come preloaded with at least one self-signed digital certificate, called eDellRoot, that lets anyone impersonate Dell. The upshot is that malicious websites or software would automatically be trusted by Dell's security software. Hackers lurking on public Wi-Fi networks could perform "man-in-the-middle" attacks on other users' secure Internet connections, and phishing websites could masquerading as part of Dell's network. 

MORE: 100+ Tech Gift Ideas for Men, Women and Kids

Examining a Dell XPS 13 yesterday, we found a second self-signed Dell certificate called DSDTestProvider. Like eDellRoot, it also contains a private key, which can be extracted using commonplace hacker tools. It's not clear how widespread the use of eDellRoot is, but a Dell webpage explaining the associated software lists 36 compatible systems.

To test whether a recently purchased Dell computer contains eDellRoot, visit, a website that uses the private key to authenticate itself as Dell, using the Internet Explorer, Edge, Google Chrome or Opera browser. (Mozilla Firefox uses its own certificated and may not be affected.) If you see an image of a ninja dog, you're vulnerable.

Dell has released its own instructions (Word doc) for how to remove the eDellRoot certificates, and said last night that a software patch issued today would remove the certificate. Dell does not mention the DSDTestProvider certificate, and we have asked Dell for clarification, but the below steps seem to have removed that certificate as well.

How to Remove Dell's Self-Signed Certificates

1. Right-click on the Taskbar, and select Task Manager or Start Task Manager.

01 1

2. Tap More Details in Windows 10. (Windows 7 users can skip this step.)

02 1

3. Select Services from the row of tabs.

03 1

4. Tap Open Services on the bottom of the window. (In Windows 7, the button is simply Services.)

04 1

5. Select Dell Foundation Services.05 1

6. Select Stop the service on the left side of the window.

06 1 copy

7. Open File Explorer.

07 1

8. Tap on the path field, type "c:\Program Files\Dell\Dell Foundation Services" and click Return.

08 1

9. Right-click "Dell.Foundation.Agent.Plugins.eDell.dll"

09 1

10.  Select Delete.

10 1

11. Type "certmgr.msc" into the start menu field. (Windows 8.1 users should click on the magnifying-glass icon in the upper right of the tiled desktop, then type in "certmgr.msc.")

How To Remove Dell’s Sloppy Security Software

12. Tap on certmgr.msc from the top of the Start menu's search results.

How To Remove Dell’s Sloppy Security Software

13. Select Trusted Root Certificate Authorities from the menu on the left side of the window.


14. Tap on Certificates from the menu on the right side the window.


15. Right-click on DSDTestProvider if you see it on the right side of the window.


16. Select Delete.


17. Tap Yes to confirm.


18. Right-click on eDellRoot on the right side of the window.


19. Select Delete.


20. Tap Yes to confirm.


21. Tap on the Start button.

How To Remove Dell’s Sloppy Security Software

22. Select Power. (In Windows 8.1, the power icon will be on the upper right of the tiled desktop . In Windows 7, click the arrow next to Shut down.)

How To Remove Dell’s Sloppy Security Software

23. Tap on Restart.

How To Remove Dell’s Sloppy Security Software

Repeat steps 11–14 to view your Trusted Root Certificate files. The DSDTestProvider and eDellRoot certificates should now be gone. If they're not, repeat the steps above.


Author Bio
Henry T. Casey
Henry T. Casey,
After graduating from Bard College a B.A. in Literature, Henry T. Casey worked in publishing and product development at Rizzoli and The Metropolitan Museum of Art, respectively. Henry joined Tom's Guide and LAPTOP having written for The Content Strategist, Tech Radar and Patek Philippe International Magazine. He divides his free time between going to live concerts, listening to too many podcasts, and mastering his cold brew coffee process. Content rules everything around him.
Henry T. Casey, on
Add a comment
1 comment
  • Brendan Byrne Says:

    Thanks so much for this information. I recently purchased a Dell Inspiron 24 7000, and based on your article, found the eDellRoot certificate. It has now been removed thanks to your removal guide. Much appreciated! :)

Back to top