Researchers have discovered a new set of vulnerabilities affecting a number of Acer consumer and business laptops.
The vulnerability discovered by bt ESET allowed attackers to disable UEFI Secure Boot by creating NVRAM, a type of non-volatile random-access memory, variables directly from the operating system.
UEFI Secure Boot is a feature that acts as an authentication mechanism, preventing malicious software such as rootkits and botkits from booting on your systems, allowing them to disable or bypass protections or deploy their own payloads with the system privileges.
How does this vulnerability work?
The vulnerability, named #CVE-2022-4020, is found in the DXE driver HQSwSmiDxe according to a Twitter message (opens in new tab) by ESET malware researcher Martin Smolar. It checks for the NVRAM variable “BootOrderSecureBootDisable”, and if the variable exists within your system, the driver disables Secure Boot.
This is according to a blog post from Acer (opens in new tab)Affected models include the Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21 and EX215-21G.
Acer said it is working on a BIOS update to fix this issue that will be posted on its support site (opens in new tab). But in the meantime, the hardware company recommends updating your BIOS to the latest version to fix this problem and said this update will be included as a critical Windows update.
This is not the first time UEFI Secure Boot vulnerabilities have been revealed by ESET in recent months.
The cybersecurity company also discovered UEFI firmware-related firmware errors affecting Lenovo laptops in January 2022. revealed in its own Twitter post.