eDellRootCertFix.exe Dell Certificate misery

Comments

4 comments

  • Brigg Angus

    Hi Jelle,

    We haven't been working on that package, but I know you have :)

    Were you able to get your deployment to work successfully? If so, would you mind sharing how?

    0
    Comment actions Permalink
  • Jason Hanks

    Customer responded on a support ticket that this was their solution. 

    Run the cert removal script:

    certutil.exe -delstore root "6b c5 7b 95 18 93 aa 97 4b 62 4a c0 88 fc 3b b6"

    And if you want to remove the Dell foundation services altogether you can run the following uninstall scripts:

    MsiExec.exe /qn /norestart /X{6D790340-C6A7-4009-9FB0-FAC1318A6CE9}

    MsiExec.exe /qn /norestart /X{8C483C4D-F346-4469-8221-90F2FB9FC9B1}

    MsiExec.exe /qn /norestart /X{B1714996-891A-43D2-8B83-CCFB2EC53978}

    MsiExec.exe /qn /norestart /X{D605CD24-103D-4DB6-B572-653851213C46}

     

    First one should be enough to get the computers safe the uninstalls just remove the (bloat)Dell Foundation Software.

    *** This is not supported nor has this been tested by Admin Arsenal. ***

    0
    Comment actions Permalink
  • Michael Muni

    just an UPDATE. Microsoft has added the certificate to be removed from computers so it should start getting cleared out on its own.

    However, Dell pushed out a patch to fix the root cert issue and now the patch has introduced something new and opens up all of the computers to executing WMIC commands from remote computers and output everything back to them. or simply visiting a site setup to attack this exploit.

     

    if you have the dell foundation services installed, it should be remove!

    0
    Comment actions Permalink
  • Jelle Hoekstra

    Hi all,

    Thanks for the help!

    0
    Comment actions Permalink

Please sign in to leave a comment.