2

The Intel Driver & Support Assistant (DSA) appears to install a Root CA certificate into the Trusted Root CAs of Windows 10 Pro. DSA was installed in 2018.

Sysinternals sigcheck reports:

Listing valid certificates not rooted to the Microsoft Certificate Trust List:

Machine\ROOT:
   DSA Root CA
        Cert Status:    Valid
        Valid Usage:    All
        Cert Issuer:    DSA Root CA
        Serial Number:  31 84 C0 70 7E 6F 03 8A 41 02 2F 02 01 B3 0B 13
        Thumbprint:     C11273296F3A546A27354BE55671E69977D47E75
        Algorithm:      sha1RSA
        Valid from:     8:15 AM 7/3/2018
        Valid to:       1:59 AM 1/1/2040

The certificate contains a private key. The cert manager reports: "You have a private key that corresponds to this certificate".

The certificate seems to be generated by Intel DSA during every startup of the service. The certificate reappears after removal and reboot. The "Valid From" date is the date of the system/service start.

Is this really safe?

chicks
  • 3,793
  • 10
  • 27
  • 36

1 Answers1

0

The best possible answer to this is a blog post by msxfaq. Since its in German - I try to summarize as TLDR

  • Intel is aware of the "issue" and its risks
  • Intel started a mitigation but the CA logic is still in use
  • Official Intel CVE

Recommended Lecture: Google translated version of the msxfaq blog post

Markus
  • 1
  • 1