Acer has disclosed that multiple Acer laptop models carry a vulnerability that could let attackers disable the Secure Boot function and its security checks in order to install malware.
The vulnerability, tracked as CVE-2022-4020 (CVSS score of 8.1), was found in the HQSwSmiDxe DXE driver, which checks whether the NVRAM variable “BootOrderSecureBootDisable” exists and, if it does, disables Secure Boot.
“Researchers have identified a vulnerability that may allow changes to Secure Boot settings by creating NVRAM variables (the actual value of the variable is not important, only the existence is checked by the affected firmware drivers),” Acer said.
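Because the driver only tests for the variable's existence, a defender's check is equally simple: look for any NVRAM variable with that name and compare the firmware-reported SecureBoot state against what is expected. The following is an added example (not code from Acer or ESET) for Linux, where efivarfs exposes each variable as a file named `<Name>-<GUID>` whose first four bytes are the attribute word; the GUID of the kill-switch variable is not given in the advisory, so the check matches on name under any GUID, and the EFI_GLOBAL_VARIABLE GUID used for SecureBoot is the well-known value.

```python
import os
import struct
from typing import Dict, List, Optional

EFIVARS = "/sys/firmware/efi/efivars"  # Linux efivarfs: one file per variable, named <Name>-<GUID>
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE, owner of SecureBoot
KILLSWITCH_NAME = "BootOrderSecureBootDisable"  # name the vulnerable driver checks (from the advisory)

def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attribute bitmask, variable data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]

def assess(entries: Dict[str, bytes]) -> dict:
    """Evaluate a mapping of '<Name>-<GUID>' filenames to raw file contents."""
    secure_boot: Optional[bool] = None
    hits: List[dict] = []
    for fname, raw in entries.items():
        if len(fname) < 38 or fname[-37] != "-":
            continue  # not a well-formed <Name>-<GUID> entry
        name, guid = fname[:-37], fname[-36:].lower()
        attrs, data = parse_efivar(raw)
        if name == "SecureBoot" and guid == GLOBAL_GUID:
            secure_boot = bool(data) and data[0] == 1  # firmware reports 1 when enforcing
        elif name == KILLSWITCH_NAME:
            # The driver only tests for existence and the advisory gives no GUID,
            # so flag the name under any GUID; attrs 0x7 = NV|BS|RT (OS-creatable).
            hits.append({"name": name, "guid": guid, "attrs": attrs})
    return {"secure_boot_enabled": secure_boot,
            "killswitch_variables": hits,
            "at_risk": bool(hits)}

def scan_efivars(path: str = EFIVARS) -> dict:
    """Read every variable under efivarfs (Linux) and run assess() over it."""
    entries: Dict[str, bytes] = {}
    for fname in os.listdir(path):
        try:
            with open(os.path.join(path, fname), "rb") as fh:
                entries[fname] = fh.read()
        except OSError:
            continue  # some variables are not readable from user space
    return assess(entries)

if __name__ == "__main__":
    print(scan_efivars())
```

A hit with `secure_boot_enabled` still `True` is worth recording too, since the variable survives reboots and the bypass takes effect only on affected firmware.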
This high-severity vulnerability affects five models: the Aspire A315-22, A115-21 and A315-22G, and the Extensa EX215-21 and EX215-21G.
Martin Smolar, an ESET security researcher, is credited for finding and disclosing the vulnerability.
Hackers Disable Secure Boot Function and Security Checks
The Secure Boot security feature blocks untrusted operating-system bootloaders on computers with a Trusted Platform Module (TPM) chip and Unified Extensible Firmware Interface (UEFI) firmware, preventing malicious code such as rootkits and bootkits from loading during startup.
Researchers say that after exploiting the vulnerability and disabling Secure Boot on affected Acer laptops, threat actors can hijack the OS loading process, load unsigned bootloaders to bypass or disable protections, and then launch malicious payloads with administrative privileges.
“By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process,” Acer said. “This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges.”
How to Resolve This Issue?
To fix this problem, Acer advises updating your BIOS to the most recent version.
“Acer recommends updating your BIOS to the latest version to resolve this issue. This update will be included as a critical Windows update,” the company added.
Customers can manually install the BIOS update on impacted PCs by downloading it from the company’s support page.
Notably, early in November, ESET issued a warning about the Lenovo flaw and urged customers to immediately update the BIOS on affected systems.
The cybersecurity firm is now alerting customers to this Acer vulnerability and advising them to watch out for patches.
“In addition to Lenovo vulnerabilities we disclosed earlier this month, we discovered another similar vulnerability in Acer laptops. Same as in the Lenovo case, it allows deactivating UEFI Secure Boot by creating an NVRAM variable directly from the OS,” ESET said.