Although Dell SecureWorks was not engaged to test this particular customer support component (e.g., the on-the-box support certificate), Dell has a robust product development and testing cycle that we are always improving, and when we detect issues we work quickly to resolve them.
In addition, we foster an open relationship with our customers and those in the security community so we can help protect our customers. We appreciate the customers who brought this to our attention and encourage others who find a potential security vulnerability in any Dell product or software to visit this site to contact us immediately.
In the meantime, Dell has posted instructions to permanently remove the certificate from your system, and they can be found here. Dell is also pushing a software update starting today, November 24, that will check for the certificate and, if detected, remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.