Dell posted instructions on how customers can remove a security vulnerability on some laptops that it recently shipped.
Dell confirmed on Monday that certain laptops it shipped since August 2015 have a pre-installed program that compromises the root security of a system, making it easy for hackers to gain access to private data.
The affected computers have a self-signed digital certificate dubbed eDellRoot easily allowing hackers to cryptographically impersonate an HTTPS-protected website.
“We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it,” Dell said in the statement. “Additionally, the certificate will be removed from all Dell systems moving forward.”
Instructions on how to remove the certificate has been posted on the Dell website. The company stressed that the certificate will not reinstall itself once it is properly removed.
Dell thanked people who brought the issue to the company’s attention: “We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.”
The instructions can be downloaded here. Dell said: ”we deeply regret that this has happened.”