Dell Ships Its New PCs With A Glaring Security Flaw

Dell said on Monday that security issues exist on a few laptops it recently shipped: "Unfortunately, the certificate introduced an unintended security vulnerability."

If you own a Dell PC or laptop and are worried about having such a security hole on your machine, you need to wait for Dell to issue the removal tool.

The security flaw was first spotted by programmer Joe Nord. Because of the certificate and the permissions Dell pre-installed, all affected laptops will automatically trust all SSL certificates that pass through. The malware has the capability to steal users' personal data and can even turn their laptop into a bot. For now, Dell is going to provide users with instructions on removing the certificate by email and on its support website, Reuters adds.

eDellRoot is shipped with its associated private key, which Duo Security characterizes as an "epic fail". Dell said it is posting instructions on its website for removing the flawed certificate, called eDellRoot, though the process can be technically complex.
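One way to check an affected machine yourself, as an added example that is not from the article or from Dell's own removal instructions: the script below lists any trusted root certificate whose subject contains "eDellRoot" in the machine-wide and per-user root stores, reports whether the private key is present, and deletes it when run with `-Remove` from an elevated prompt. The subject-name match is an assumption based on the certificate name the article gives.

```powershell
# Added example: find (and optionally remove) the eDellRoot trusted root
# certificate. Run from an elevated PowerShell prompt; use -Remove to delete.
param(
    [switch]$Remove
)

# Both stores where a trusted root could have been installed.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like '*eDellRoot*' } |   # assumption: subject names the cert
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                HasPrivateKey = $_.HasPrivateKey   # True means the CA signing key is on this machine
                NotAfter      = $_.NotAfter
            }
        }
}

if (-not $found) {
    Write-Output 'No eDellRoot certificate found in the trusted root stores.'
    return
}

$found | Format-Table -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        $path = Join-Path -Path $cert.Store -ChildPath $cert.Thumbprint
        # -DeleteKey removes the associated private key along with the certificate.
        Remove-Item -Path $path -DeleteKey
        Write-Output "Removed $($cert.Subject) from $($cert.Store)"
    }
}
```

If the certificate reappears after a reboot, the software that installed it is still present and Dell's own removal instructions are needed as well.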

As part of its investigation, the company's analysts scanned the Internet using a tool from Censys to see whether any systems on the Internet were using eDellRoot to encrypt traffic. "With the pre-installed certificate and its private key, any website can claim to be any other site and Dell computers wouldn't be able to tell the difference", Mikko Hypponen, Chief Research Officer at F-Secure, told Gadgets 360 in a statement.

It's not yet clear how many models are affected.

Dell PCs have been shipping to users with certificates that attackers could easily clone to impersonate any HTTPS-protected website, such as online banking and Google. This could allow an attacker to decrypt encrypted Web browser traffic without the victim noticing anything. Since this is a new development, it could be on other Dell PCs on the market, too. "The attacker could also manipulate the user's traffic, e.g., sending malware in response to requests to download legit software, or install automatic updates, and make it all appear to be signed by a trusted developer". This certification authority (CA) key has the ability to sign server certificates.

According to Ars Technica, Inspiron 5000 notebooks, XPS 15 models, Dell Inspiron desktops, and various Precision M4800 and Latitude models are reported to be affected. Superfish, an earlier comparable incident, was a type of adware that injected ads into websites and undermined a number of security protocols on laptops.
