
Acer releases firmware update

30 November 2022


Security vulnerability turns off UEFI Secure Boot

Acer has released a firmware update to address a security vulnerability that could be weaponised to turn off UEFI Secure Boot.

Tracked as CVE-2022-4020, the high-severity vulnerability affects the Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.

The PC maker described the vulnerability as an issue that "may allow changes to Secure Boot settings by creating NVRAM variables."

ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers, is credited with finding this flaw.

Disabling Secure Boot, an integrity mechanism that guarantees that only trusted software is loaded during system startup, enables a malicious actor to tamper with boot loaders.

This gives the attacker complete control over the operating system loading process and lets them "disable or bypass protections to silently deploy their payloads with the system privileges."

The flaw resides in a DXE driver called HQSwSmiDxe. The BIOS update is expected to be released as part of a critical Windows update.
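Because the flaw lets Secure Boot be switched off through NVRAM variables, it is worth confirming after the update that the firmware still reports Secure Boot as enforcing. The following is an added example, not code from Acer or ESET: it assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars, reads the standard UEFI SecureBoot and SetupMode variables, and its function names and sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"  # assumption: Linux host with efivarfs mounted
ATTRS = {0x1: "NON_VOLATILE", 0x2: "BOOTSERVICE_ACCESS", 0x4: "RUNTIME_ACCESS"}

def parse_efivar(raw):
    """An efivarfs file is a 4-byte little-endian attribute mask followed by the data."""
    if len(raw) < 4:
        raise ValueError("truncated efivarfs entry")
    (mask,) = struct.unpack_from("<I", raw)
    return [name for bit, name in ATTRS.items() if mask & bit], raw[4:]

def flag(raw):
    """SecureBoot and SetupMode each hold a single byte: 0 or 1."""
    _, data = parse_efivar(raw)
    if len(data) != 1 or data[0] > 1:
        raise ValueError(f"unexpected variable payload {data!r}")
    return data[0] == 1

def assess(secure_boot, setup_mode):
    """Classify the firmware-reported state from the two raw efivarfs payloads."""
    enforcing, setup = flag(secure_boot), flag(setup_mode)
    if setup:
        return "SETUP_MODE"  # no Platform Key enrolled, so nothing is enforced
    return "ENFORCING" if enforcing else "DISABLED"

def assess_live(root=EFIVARS):
    """Read the variables from this machine; UNKNOWN on legacy boot or missing efivarfs."""
    root = Path(root)
    try:
        sb = (root / f"SecureBoot-{EFI_GLOBAL}").read_bytes()
        sm = (root / f"SetupMode-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return "UNKNOWN"
    return assess(sb, sm)

# Constructed samples: attributes 0x6 (boot-service + runtime access), then the value byte
SAMPLE_ON = bytes.fromhex("06000000" "01")
SAMPLE_OFF = bytes.fromhex("06000000" "00")

if __name__ == "__main__":
    print("this machine:", assess_live())
    print("constructed disabled sample:", assess(SAMPLE_OFF, SAMPLE_OFF))
```

A result of DISABLED or SETUP_MODE on a machine that is expected to enforce Secure Boot is the condition to investigate; the check reports only what the firmware states and does not identify how the setting was changed.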


Last modified on 30 November 2022