Researchers have discovered a new set of vulnerabilities affecting various Acer consumer and business laptops.
The vulnerability, discovered by ESET, allowed malicious actors to disable UEFI Secure Boot by creating NVRAM (non-volatile random access memory) variables directly from the operating system.
UEFI Secure Boot is a verification mechanism that ensures malware such as rootkits and bootkits cannot start on your systems, where it could disable or bypass protections or deploy its own payloads with system privileges.
How does this vulnerability work?
The vulnerability, tracked as CVE-2022-4020, is in the DXE driver HQSwSmiDxe, according to a Twitter post by ESET malware researcher Martin Smolar. The driver looks for the NVRAM variable “BootOrderSecureBootDisable” and, if the variable exists on your system, disables Secure Boot.
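As an added example (not code from ESET, Acer or the original article), the check below is what a defender could run on a Linux-booted Acer machine to see whether the trigger variable is present and what the firmware currently reports for Secure Boot. It assumes efivarfs is mounted at its usual path; because the GUID the Acer driver uses for the variable is not given here, the check matches on the variable name only, and the sample directory it builds for demonstration is constructed.

```python
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Usual efivarfs mount point on Linux. Each entry is named "<Name>-<GUID>" and its
# content is a 4-byte attribute header followed by the variable data.
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")
# EFI_GLOBAL_VARIABLE GUID, under which firmware publishes the read-only "SecureBoot" state.
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Name of the NVRAM variable the HQSwSmiDxe driver looks for (from the advisory above).
SUSPICIOUS_VAR = "BootOrderSecureBootDisable"


@dataclass
class SecureBootCheck:
    secure_boot_enabled: Optional[bool]  # None when the SecureBoot variable is absent
    disable_variables: List[str]         # entries named BootOrderSecureBootDisable-<GUID>


def read_efivar_data(path: Path) -> bytes:
    """Return the variable payload, skipping the 4-byte attribute header efivarfs prepends."""
    raw = path.read_bytes()
    return raw[4:] if len(raw) >= 4 else b""


def check_secure_boot(efivars_dir: Path = EFIVARS_DIR) -> SecureBootCheck:
    """Report the firmware's SecureBoot state and any disable-trigger variables present."""
    if not efivars_dir.is_dir():
        raise FileNotFoundError(f"efivarfs not found at {efivars_dir}; not a UEFI boot?")
    sb_path = efivars_dir / f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}"
    enabled = None
    if sb_path.exists():
        data = read_efivar_data(sb_path)
        enabled = len(data) > 0 and data[0] == 1  # UEFI spec: 1 = enabled, 0 = disabled
    # Name-only match: the GUID the Acer driver uses is not documented on this page.
    hits = sorted(p.name for p in efivars_dir.iterdir()
                  if p.name.startswith(SUSPICIOUS_VAR + "-"))
    return SecureBootCheck(enabled, hits)


def build_sample_efivars() -> Path:
    """Constructed sample: a SecureBoot=1 entry plus a trigger variable under a placeholder GUID."""
    d = Path(tempfile.mkdtemp(prefix="efivars-sample-"))
    (d / f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}").write_bytes(b"\x06\x00\x00\x00\x01")
    (d / f"{SUSPICIOUS_VAR}-00000000-0000-0000-0000-000000000000").write_bytes(b"\x07\x00\x00\x00\x01")
    return d


if __name__ == "__main__":
    r = check_secure_boot()  # real system; use check_secure_boot(build_sample_efivars()) to demo
    print(f"SecureBoot enabled: {r.secure_boot_enabled}; trigger variables: {r.disable_variables or 'none'}")
```

A non-empty `disable_variables` list on an affected model, with Secure Boot reported as disabled, is the post-exploitation state the advisory describes and should be treated as a firmware-integrity incident rather than a configuration drift.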
According to an Acer blog post, affected models include the Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.
Acer said it is working on a BIOS update to fix this issue that will be posted on its support site. In the meantime, the hardware company recommends updating your BIOS to the latest version to fix this issue, and said that the update will also be delivered as a critical Windows update.
This is not the first time ESET has disclosed UEFI Secure Boot vulnerabilities in recent months.
The cybersecurity firm also discovered UEFI firmware flaws affecting Lenovo laptops in January 2022, which it revealed in its own Twitter post.