Acer has launched a firmware replace to deal with a safety vulnerability that may very well be probably weaponized to show off UEFI Secure Boot on affected machines.
Tracked as CVE-2022-4020, the high-severity vulnerability impacts 5 totally different fashions that include Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.
The PC maker described the vulnerability as a problem that “could enable adjustments to Secure Boot settings by creating NVRAM variables.” Credited with discovering the flaw is ESET researcher Martin Smolár, who beforehand disclosed related bugs in Lenovo computer systems.
Disabling Secure Boot, an integrity mechanism that ensures that solely trusted software program is loaded throughout system startup, permits a malicious actor to tamper with boot loaders, resulting in extreme penalties.
This consists of granting the attacker full management over the working system loading course of in addition to “disable or bypass protections to silently deploy their very own payloads with the system privileges.”
Per the Slovak cybersecurity firm, the flaw resides in a DXE driver referred to as HQSwSmiDxe.
The BIOS replace is predicted to be launched as a part of a vital Windows replace. Alternatively, customers can obtain the fixes from Acer’s Support portal.