News, 30.11.2022, 09:30 AM
Acer released a firmware update to address a security vulnerability that could be exploited to disable UEFI Secure Boot on vulnerable computers.
Tracked as CVE-2022-4020, the vulnerability affects five Acer computer models: the Aspire A315-22, A115-21 and A315-22G, and the Extensa EX215-21 and EX215-21G.
Credit for disclosing this vulnerability goes to Martin Smolar, a researcher at the Slovakian cyber-security company ESET, who recently discovered similar bugs in Lenovo computers.
Disabling Secure Boot, the mechanism that ensures only trusted software is loaded during system startup, allows an attacker to modify boot programs, leading to serious consequences.
This includes giving the attacker full control over the operating system loading process, as well as “disabling or bypassing protections to silently execute their own malicious code with system privileges.”
According to ESET, the bug is in a DXE driver called HQSwSmiDxe.
The BIOS update is expected to be released as part of Windows updates. Also, users can download updates from Acer’s support portal.