Acer has released a firmware update to address a security vulnerability that could potentially be weaponized to turn off UEFI Secure Boot on affected machines.
Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models: Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.
The PC maker described the vulnerability as an issue that “could enable adjustments to Secure Boot settings by creating NVRAM variables.” Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.
Disabling Secure Boot, an integrity mechanism that ensures that only trusted software is loaded during system startup, allows a malicious actor to tamper with boot loaders, leading to severe consequences.
This includes granting the attacker full control over the operating system loading process as well as the ability to “disable or bypass protections to silently deploy their very own payloads with the system privileges.”
Per the Slovak cybersecurity company, the flaw resides in a DXE driver called HQSwSmiDxe.
The BIOS update is expected to be released as part of a critical Windows update. Alternatively, users can download the fixes from Acer’s Support portal.
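Because the flaw lets Secure Boot settings be changed through NVRAM variables, it is worth confirming after the BIOS update that Secure Boot is still enforced. The following is an added example, not code from Acer or ESET: it parses the standard `SecureBoot` and `SetupMode` UEFI variables as Linux exposes them through efivarfs (assumed mounted at `/sys/firmware/efi/efivars`), and falls back to constructed sample bytes when run on a machine without efivarfs.

```python
import struct
from pathlib import Path

# EFI global variable GUID defined by the UEFI specification.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed efivarfs mount point
ATTR_FLAGS = {0x1: "NON_VOLATILE", 0x2: "BOOTSERVICE_ACCESS", 0x4: "RUNTIME_ACCESS"}

# Constructed samples: 4-byte little-endian attribute header, then a 1-byte value.
SAMPLE_ON = bytes.fromhex("0600000001")
SAMPLE_OFF = bytes.fromhex("0600000000")

def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attribute names, payload bytes)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    names = [name for bit, name in ATTR_FLAGS.items() if attrs & bit]
    return names, raw[4:]

def read_flag(raw: bytes) -> int:
    """Return the single-byte value carried by SecureBoot or SetupMode."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"expected a 1-byte value, got {len(data)} bytes")
    return data[0]

def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> str:
    """Classify the platform as 'enforcing', 'disabled' or 'setup-mode'."""
    if read_flag(setupmode_raw) == 1:
        # No Platform Key enrolled: signature checks are not enforced.
        return "setup-mode"
    return "enforcing" if read_flag(secureboot_raw) == 1 else "disabled"

def read_live(name: str) -> bytes:
    """Read one EFI global variable from the running system."""
    return (EFIVARS / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()

if __name__ == "__main__":
    try:
        state = secure_boot_state(read_live("SecureBoot"), read_live("SetupMode"))
        print("live system:", state)
    except OSError:
        # Not a UEFI Linux host; demonstrate on the constructed samples instead.
        print("sample (enabled):", secure_boot_state(SAMPLE_ON, SAMPLE_OFF))
        print("sample (disabled):", secure_boot_state(SAMPLE_OFF, SAMPLE_OFF))
```

A result other than `enforcing` on a machine that is expected to have Secure Boot enabled is a reason to review the firmware settings and confirm the update was applied.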