eDellRootCertFix.exe Dell Certificate misery

• 

  Brigg Angus

  December 02, 2015 22:03

  Hi Jelle,

  We haven't been working on that package, but I know you have :)

  Were you able to get your deployment to work successfully? If so, would you mind sharing how?

  0
• 

  Jason Hanks

  December 03, 2015 18:15

  Customer responded on a support ticket that this was their solution. 

  Run the cert removal script:

  certutil.exe -delstore root "6b c5 7b 95 18 93 aa 97 4b 62 4a c0 88 fc 3b b6"

  And if you want to remove the Dell foundation services altogether you can run the following uninstall scripts:

  MsiExec.exe /qn /norestart /X{6D790340-C6A7-4009-9FB0-FAC1318A6CE9}

  MsiExec.exe /qn /norestart /X{8C483C4D-F346-4469-8221-90F2FB9FC9B1}

  MsiExec.exe /qn /norestart /X{B1714996-891A-43D2-8B83-CCFB2EC53978}

  MsiExec.exe /qn /norestart /X{D605CD24-103D-4DB6-B572-653851213C46}

   

  First one should be enough to get the computers safe the uninstalls just remove the (bloat)Dell Foundation Software.

  *** This is not supported nor has this been tested by Admin Arsenal. ***

  0
• 

  Michael Muni

  December 03, 2015 21:08

  just an UPDATE. Microsoft has added the certificate to be removed from computers so it should start getting cleared out on its own.

  However, Dell pushed out a patch to fix the root cert issue and now the patch has introduced something new and opens up all of the computers to executing WMIC commands from remote computers and output everything back to them. or simply visiting a site setup to attack this exploit.

   

  if you have the dell foundation services installed, it should be remove!

  0
• 

  Jelle Hoekstra

  December 04, 2015 07:23

  Hi all,

  Thanks for the help!

  0

Please sign in to leave a comment.