Acer Laptop Vulnerability Allows Malware Infection During Secure Boot
By Deeba Ahmed
Cybersecurity firm ESET’s researchers have identified a vulnerability affecting Acer laptops. The bug isn’t new, as ESET already discovered it affecting Lenovo models, whereas this time, it is impacting several models of Acer laptops.
Lenovo fixed the issue and published a technical advisory. However, the bug allows attackers to install malware on the device by letting them disable Secure Boot and bypass security mechanisms.
Vulnerability Details
ESET assigned the vulnerability a CVSS score of 8.1 and tracked it as CVE-2022-4020. It was discovered in the HQSwSmiDxe DXE driver that checks the ‘BootOrderSecureBootDisable’ NVRAM variable for deactivating UEFI (Unified Extensible Firmware Interface) Secure Boot.
In addition to #Lenovo vulnerabilities we disclosed earlier this month, we discovered another similar vulnerability in #Acer laptops. Same as in Lenovo case, it allows deactivating UEFI Secure Boot by creating NVRAM variable directly from OS. @smolar_m https://t.co/zsDjKGIAjQ 1/3
— ESET research (@ESETresearch) November 28, 2022
Disabling this feature lets the attacker load their “own unsigned malicious bootloader” and gain complete control over the OS loading procedure. From there they can bypass or disable protections to discreetly install malicious payloads, the ESET advisory read.
“Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable,” researchers explained. NVRAM is non-volatile random-access memory, where the firmware keeps its persistent configuration variables.
Acer’s Explanation
UEFI is the firmware responsible for initialising a computer’s hardware and starting the OS loader. Secure Boot is the part of that process meant to ensure that no unsigned or malicious code is loaded while the device boots.
On November 23rd, 2022, Acer explained that the bug lets an attacker tamper with this mechanism’s settings simply by creating NVRAM variables. This works because the firmware driver checks only whether the variable exists, not what value it holds.
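A defender-side check for that indicator, added here as an example rather than code from ESET, Acer or the article: it parses UEFI variables in the layout Linux's efivarfs exposes them, reports the SecureBoot state, and flags any BootOrderSecureBootDisable variable that an OS-level process could have created. The article does not give the variable's vendor GUID, so matching is by name only (an assumption), and the sample entries are constructed.

```python
import struct

# Attribute bits from the UEFI specification (EFI_VARIABLE_*).
NON_VOLATILE, BOOTSERVICE_ACCESS, RUNTIME_ACCESS, TIME_BASED_AUTH_WRITE = 0x1, 0x2, 0x4, 0x20

# EFI_GLOBAL_VARIABLE GUID, under which firmware publishes the SecureBoot state variable.
SECURE_BOOT_VAR = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Matched by name only: the vendor GUID of this variable is not stated in the article (assumption).
SUSPECT_NAME = "BootOrderSecureBootDisable"


def parse_efivar(raw: bytes):
    """efivarfs file layout: 4-byte little-endian attributes, then the variable data."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def audit(entries: dict) -> dict:
    """entries maps 'Name-GUID' filenames (as in /sys/firmware/efi/efivars) to raw bytes."""
    findings = {"secure_boot_enabled": None, "suspect_variables": []}
    if SECURE_BOOT_VAR in entries:
        _, data = parse_efivar(entries[SECURE_BOOT_VAR])
        findings["secure_boot_enabled"] = bool(data and data[0] == 1)
    for name, raw in entries.items():
        if name.split("-", 1)[0] != SUSPECT_NAME:
            continue
        attrs, data = parse_efivar(raw)
        findings["suspect_variables"].append({
            "name": name,
            "data": data.hex(),
            # Non-volatile + runtime access without authenticated write: a privileged OS
            # process can create it, and the driver described above honoured mere presence.
            "os_writable": bool(attrs & NON_VOLATILE and attrs & RUNTIME_ACCESS
                                and not attrs & TIME_BASED_AUTH_WRITE),
        })
    return findings


# Constructed sample (not captured from a real machine): Secure Boot reports
# enabled, yet an OS-writable BootOrderSecureBootDisable variable is present.
SAMPLE = {
    SECURE_BOOT_VAR: struct.pack("<I", BOOTSERVICE_ACCESS | RUNTIME_ACCESS) + b"\x01",
    SUSPECT_NAME + "-00000000-0000-0000-0000-000000000000":
        struct.pack("<I", NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS) + b"\x00",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live Linux host, feed audit() a dict built by reading each file under /sys/firmware/efi/efivars (root is needed for some entries); a hit on a machine that still reports Secure Boot enabled is exactly the condition the article describes.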
At least five models of Acer computers are impacted by this bug, including A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G. Acer is currently trying to resolve the issue with a BIOS update, which will be posted on its Support site soon and will be included as a Critical Windows Update. The company recommends users update to the latest BIOS version.