Microsoft has invalidated two Dell certificates because they can be used to attack Windows users. The two affected certificates are DSDTestProvider and eDellCert of which the private keys were inadvertently disclosed.
One of these unconstrained certificates could be used to issue other certificates, impersonate other domains, or sign code. In addition, these certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Dell customers. Microsoft is not aware of any attacks abusing the keys but has decided to update the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of these certificates.
Windows 8 users don't need to take action, their Certificate Trust list is automatically updated. WIndows Vista, Windows 7 and Server 2008 users first have to download an update before they are automatically protected. Previously Microsoft already decided to detect and remove the affected certificates with Windows Defender and Security Essentials.
Also Dell has released an update to remove the certificates of computers.
