Barely a day after Dell announced it was fixing a major security flaw on its recently shipped PCs, a second one has been discovered in the form of a self-signed root certificate.
Nearly identical to the previous issue, the DSDTestProvider certificate comes preinstalled along with its own private key on some Dell Inspiron and XPS models.
The DSDTestProvider certificate is installed through the Dell System Detect toll into the Trusted Root Certificate Store on newer systems. Since it includes its own private key, it can be used by attackers to generate false certificates for malicious websites and trick affected Dell systems into trusting their HTTPS connection.
