
Acer fixes UEFI bugs that can be used to disable Secure Boot
Acer has fixed a high-severity vulnerability affecting multiple laptop models that could allow local attackers to deactivate UEFI Secure Boot on targeted systems.
The Secure Boot security feature blocks untrusted operating system bootloaders on computers with a Trusted Platform Module (TPM) chip and Unified Extensible Firmware Interface (UEFI) firmware, preventing malicious code such as rootkits and bootkits from loading during the startup process.
Reported by ESET malware researcher Martin Smolar, the security flaw (CVE-2022-4020) was found in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices.
Attackers with high privileges can abuse it in low-complexity attacks that require no user interaction to alter UEFI Secure Boot settings by modifying the BootOrderSecureBootDisable NVRAM variable to disable Secure Boot.
“Researchers have discovered a vulnerability that might permit alterations to Secure Boot settings by creating NVRAM variables (the actual value of the variable is not important, only the existence is checked by the affected firmware drivers),” Acer said.
After exploiting the vulnerability on affected Acer laptops and turning off Secure Boot, threat actors can hijack the OS loading process and load unsigned bootloaders to bypass or disable protections and deploy malicious payloads with system privileges.
The complete list of affected Acer laptop models includes Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.
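Because the affected driver only checks whether the variable exists, its presence is a usable audit signal. The following defender-side check is an added example, not code from Acer or ESET: it scans a Linux efivarfs directory for a variable with that name and reads the standard SecureBoot state. The article does not give the variable's vendor GUID, so the script matches by name under any GUID; the placeholder GUID and sample directory are constructed for offline testing.

```python
import os
import tempfile

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE
SUSPECT_NAME = "BootOrderSecureBootDisable"  # variable named in the article
PLACEHOLDER_GUID = "00000000-0000-0000-0000-000000000000"  # constructed, not Acer's


def audit_efivars(efivars_dir="/sys/firmware/efi/efivars"):
    """Report Secure Boot state and any variable whose name matches SUSPECT_NAME."""
    report = {"secure_boot": None, "suspect_vars": []}
    for entry in sorted(os.listdir(efivars_dir)):
        # efivarfs file names are "<VariableName>-<VendorGUID>" (GUID = 36 chars).
        name, guid = entry[:-37], entry[-36:].lower()
        if name == SUSPECT_NAME:
            # Presence is the signal: the firmware checks existence, not value.
            report["suspect_vars"].append(entry)
        elif name == "SecureBoot" and guid == EFI_GLOBAL_GUID:
            with open(os.path.join(efivars_dir, entry), "rb") as fh:
                raw = fh.read()
            # Bytes 0-3 hold the attribute mask; byte 4 is the state (1 = on).
            if len(raw) >= 5:
                report["secure_boot"] = raw[4] == 1
    return report


def build_sample(directory, tampered):
    """Write a constructed efivarfs-like directory for offline testing."""
    attrs = (0x6).to_bytes(4, "little")  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    state = b"\x00" if tampered else b"\x01"
    with open(os.path.join(directory, f"SecureBoot-{EFI_GLOBAL_GUID}"), "wb") as fh:
        fh.write(attrs + state)
    if tampered:
        path = os.path.join(directory, f"{SUSPECT_NAME}-{PLACEHOLDER_GUID}")
        with open(path, "wb") as fh:
            fh.write((0x7).to_bytes(4, "little") + b"\x00")


if __name__ == "__main__":
    for tampered in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp, tampered)
            print("tampered" if tampered else "clean", audit_efivars(tmp))
```

On a real Linux host, calling `audit_efivars()` with no argument reads the live efivarfs mount; a non-empty `suspect_vars` list on an affected model is a reason to verify the BIOS version and Secure Boot state.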
BIOS update available, Windows update incoming
“Acer suggests updating your BIOS to the most current version to take care of this issue. This update will be included as an important Windows update,” the company added.
Alternatively, customers can download the BIOS update from the company's support website and deploy it manually on affected systems.
Lenovo patched similar bugs found by ESET researchers in multiple ThinkBook, IdeaPad, and Yoga laptop models earlier this month that could allow attackers to deactivate UEFI Secure Boot.
Allowing threat actors to run unsigned, malicious code before OS boot can lead to serious consequences, including the deployment of malware that can persist between OS re-installations and bypass anti-malware protections provided by security solutions.
In the case of Lenovo, the issue was caused by the company's developers including an early development driver in production drivers that could change Secure Boot settings from the OS.
In January, ESET found three other UEFI firmware flaws that could help attackers hijack the startup routine on more than 70 Lenovo device models running Windows.