
Acer Laptop Vulnerability Allows Malware Infection During Secure Boot

By Deeba Ahmed (HackRead)

Cybersecurity firm ESET’s researchers have identified a vulnerability affecting Acer laptops. The bug isn’t new: ESET already found a similar flaw in Lenovo models, and this time it affects several models of Acer laptops.

Lenovo fixed its issue and published a technical advisory. On affected Acer devices, the bug lets attackers disable Secure Boot, bypass the security mechanisms that depend on it, and install malware on the device.

Vulnerability Details

ESET assigned the vulnerability a CVSS score of 8.1, and it is tracked as CVE-2022-4020. It lies in the HQSwSmiDxe DXE driver, which checks the ‘BootOrderSecureBootDisable’ NVRAM variable to decide whether to deactivate UEFI (Unified Extensible Firmware Interface) Secure Boot.

In addition to the #Lenovo vulnerabilities we disclosed earlier this month, we discovered another similar vulnerability in #Acer laptops. Same as in the Lenovo case, it allows deactivating UEFI Secure Boot by creating an NVRAM variable directly from the OS. @smolar_m https://t.co/zsDjKGIAjQ 1/3

— ESET research (@ESETresearch) November 28, 2022

Disabling this feature lets the attacker load their “own unsigned malicious bootloader” to gain complete control over the OS loading procedure. They can then bypass or disable protections to discreetly install malicious payloads, the ESET advisory reads.

“Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable,” researchers explained. NVRAM refers to non-volatile random-access memory, where the firmware stores such variables.

Acer’s Explanation

UEFI is the firmware that initializes a computer’s hardware and hands control to the OS loader. Secure Boot is meant to ensure that malicious code doesn’t get loaded while the device is booting.

On November 23rd, 2022, Acer explained that the bug lets the attacker tamper with this mechanism’s settings by creating NVRAM variables. This happens because the firmware driver just checks for the variables’ presence and not their actual value.
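The defender-side check that follows from the previous paragraph is to look at the firmware variables from the running OS: is Secure Boot actually reported as enabled, and does a variable named BootOrderSecureBootDisable exist at all, whatever its contents, since the vulnerable driver only tests for presence. The script below is an added example and is not code from ESET, Acer or HackRead. It assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars, where each variable appears as a file named Name-GUID whose first four bytes are the attribute bitmask. The global-variable GUID used for SecureBoot is the one from the UEFI specification; the vendor GUID of BootOrderSecureBootDisable is not given in the article, so the check matches on the name prefix alone. The mock fixture is constructed here purely so the logic can be exercised offline.

```python
import glob
import os
import struct
import tempfile
from typing import Any, Dict

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification (namespace of SecureBoot).
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Vendor variable named in the advisory; its GUID is not on the page, so we glob on the name.
DISABLE_VAR_NAME = "BootOrderSecureBootDisable"
EFIVARS_DIR = "/sys/firmware/efi/efivars"


def read_efivar_data(path: str) -> bytes:
    """Return the payload of an efivarfs file: bytes 0-3 are the attribute bitmask, the rest is data."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if len(raw) < 4:
        raise ValueError(f"{path}: too short to be an efivarfs entry")
    return raw[4:]


def assess_secure_boot(efivars_dir: str = EFIVARS_DIR) -> Dict[str, Any]:
    """Report Secure Boot state and whether the presence-only disable variable exists."""
    result: Dict[str, Any] = {
        "secure_boot_enabled": None,          # None = variable not found
        "disable_variable_present": False,
        "disable_variable_entries": [],
        "verdict": "",
    }
    sb_path = os.path.join(efivars_dir, f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}")
    if os.path.isfile(sb_path):
        data = read_efivar_data(sb_path)
        result["secure_boot_enabled"] = bool(data) and data[0] == 1

    # The driver honours the variable if it merely exists, so any value (even 0x00) is flagged.
    matches = sorted(glob.glob(os.path.join(efivars_dir, f"{DISABLE_VAR_NAME}-*")))
    for path in matches:
        result["disable_variable_entries"].append(
            {"name": os.path.basename(path), "data_hex": read_efivar_data(path).hex()}
        )
    result["disable_variable_present"] = bool(matches)

    if result["disable_variable_present"]:
        result["verdict"] = ("ALERT: BootOrderSecureBootDisable variable present; vulnerable firmware "
                             "disables Secure Boot on next boot regardless of its value")
    elif result["secure_boot_enabled"] is False:
        result["verdict"] = "WARN: Secure Boot reported as disabled by firmware"
    elif result["secure_boot_enabled"] is None:
        result["verdict"] = "INFO: no SecureBoot variable found (legacy boot or efivarfs not mounted)"
    else:
        result["verdict"] = "OK: Secure Boot enabled and no disable variable present"
    return result


def build_mock_efivars(root: str, secure_boot: int, add_disable_var: bool,
                       disable_value: bytes = b"\x00") -> str:
    """Constructed fixture (not a real system): writes efivarfs-style files under `root`."""
    os.makedirs(root, exist_ok=True)
    attrs = struct.pack("<I", 0x07)  # NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    with open(os.path.join(root, f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}"), "wb") as fh:
        fh.write(attrs + bytes([secure_boot]))
    if add_disable_var:
        # Placeholder GUID: the real vendor GUID is not given in the advisory.
        name = f"{DISABLE_VAR_NAME}-00000000-0000-0000-0000-000000000000"
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(attrs + disable_value)
    return root


def run_on_mock(secure_boot: int, add_disable_var: bool, disable_value: bytes = b"\x00") -> Dict[str, Any]:
    """Build a fresh constructed fixture in a temp dir and assess it (used for offline checks)."""
    root = build_mock_efivars(tempfile.mkdtemp(prefix="efivars-mock-"), secure_boot, add_disable_var, disable_value)
    return assess_secure_boot(root)


if __name__ == "__main__":
    if os.path.isdir(EFIVARS_DIR):
        print(assess_secure_boot(EFIVARS_DIR))
    else:
        # No efivarfs here: show the alert case on a constructed fixture instead.
        print(run_on_mock(secure_boot=1, add_disable_var=True, disable_value=b"\x00"))
```

Note that the check reports ALERT even when the variable's data is 0x00: because the affected driver never inspects the value, the only sound rule is to treat the variable's existence as the indicator.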

At least five Acer models are affected by this bug: A315-22, A115-21, A315-22G, Extensa EX215-21 and EX215-21G. Acer is working to resolve the issue with a BIOS update, which will be posted on its Support site soon and will also be delivered as a Critical Windows Update. The company recommends that users update to the latest BIOS version.

Related news

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as

Acer Firmware Flaw Lets Attackers Bypass Key Security Feature

The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware.

