Researchers have detected a new set of vulnerabilities impacting a number of Acer consumer and business laptops.
The vulnerability, uncovered bt ESET allowed bad actors to deactivate UEFI Secure Boot by creating NVRAM, a type of non-volatile Random Access Memory, variables directly from the operating system.
UEFI Secure Boot is a feature that acts as a verification mechanism, which ensures that malignant software like rootkits and botkits can't boot on your systems, allowing them to disable or bypass protections or to deploy their own payloads with the system privileges.
How does this vulnerability work?
The vulnerability, dubbed #CVE-2022-4020, is to be found in the DXE driver HQSwSmiDxe according to a Twitter post (opens in new tab) by ESET malware researcher Martin Smolar. It checks for the “BootOrderSecureBootDisable” NVRAM variable, and if the variable exists within your system, the driver then disables Secure Boot.
According to a blog post by Acer (opens in new tab), impacted models include the Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.
Acer said it is working on a BIOS update to resolve this issue that will be posted on its support site (opens in new tab). But in the meantime, the hardware firm recommends updating your BIOS to the latest version to resolve this issue and said that this update will be included as a critical Windows update.
This isn't the first time that UEFI Secure Boot vulnerabilities have been revealed by ESET in recent months.
The cybersecurity firm also unearthed UEFI firmware-related firmware flaws impacting Lenovo laptops in January 2022, which it revealed in a Twitter post of its own.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba