Researchers have detected a new set of vulnerabilities impacting a number of Acer consumer and business laptops.
The vulnerability, uncovered bt ESET allowed bad actors to deactivate UEFI Secure Boot by creating NVRAM, a type of non-volatile Random Access Memory, variables directly from the operating system.
UEFI Secure Boot is a feature that acts as a verification mechanism, which ensures that malignant software like rootkits and botkits can’t boot on your systems, allowing them to disable or bypass protections or to deploy their own payloads with the system privileges.
How does this vulnerability work?
The vulnerability, dubbed #CVE-2022-4020, is to be found in the DXE driver HQSwSmiDxe according to a Twitter post (opens in new tab) by ESET malware researcher Martin Smolar. It checks for the “BootOrderSecureBootDisable” NVRAM variable, and if the variable exists within your system, the driver then disables Secure Boot.
According to a blog post by Acer (opens in new tab), impacted models include the Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.
Acer said it is working on a BIOS update to resolve this issue that will be posted on its support site (opens in new tab). But in the meantime, the hardware firm recommends updating your BIOS to the latest version to resolve this issue and said that this update will be included as a critical Windows update.
This isn’t the first time that UEFI Secure Boot vulnerabilities have been revealed by ESET in recent months.
The cybersecurity firm also unearthed UEFI firmware-related firmware flaws impacting Lenovo laptops in January 2022, which it revealed in a Twitter post of its own.