Acer has released a firmware update that addresses a security vulnerability that could be weaponized to turn off UEFI Secure Boot on affected machines.

Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models: Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.


The PC manufacturer describes the vulnerability as an issue that “may allow changes to Secure Boot settings by creating NVRAM variables.” Discovery of the flaw was credited to ESET researcher Martin Smolár, who previously reported a similar bug on a Lenovo computer.

Disabling Secure Boot, an integrity mechanism that ensures that only trusted software is loaded during system startup, allows malicious actors to tamper with the boot loader, with serious consequences.

This also grants the attacker full control over the operating system loading process, after which the attacker “disables or bypasses protections and silently deploys its own payload with system privileges.”

According to the Slovak cybersecurity firm, the flaw resides in a DXE driver called HQSwSmiDxe.

The BIOS update will be released as part of a critical Windows update. Alternatively, users can download the fix from Acer’s support portal.
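A defender's check for the condition described above, added here as an example and not taken from Acer or ESET: it parses the firmware's `SecureBoot` and `SetupMode` variables as Linux exposes them through efivarfs and reports whether Secure Boot is still enforced. The sample byte strings are constructed and the function names are hypothetical; the check reports the resulting state only and does not detect the vulnerable driver itself.

```python
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")            # Linux efivarfs mount point
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"    # EFI_GLOBAL_VARIABLE GUID (UEFI spec)
ATTR_FLAGS = {0x1: "NON_VOLATILE", 0x2: "BOOTSERVICE_ACCESS", 0x4: "RUNTIME_ACCESS"}

# Constructed samples: 4-byte little-endian attribute word, then the variable data.
SAMPLE_SB_ON = bytes.fromhex("06000000" "01")
SAMPLE_SB_OFF = bytes.fromhex("06000000" "00")
SAMPLE_SETUP_ON = bytes.fromhex("06000000" "01")
SAMPLE_SETUP_OFF = bytes.fromhex("06000000" "00")


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attribute names, data bytes)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    names = [name for bit, name in ATTR_FLAGS.items() if attrs & bit]
    return names, raw[4:]


def secure_boot_state(secure_boot: bytes, setup_mode: bytes) -> str:
    """Classify the platform from the raw SecureBoot and SetupMode entries."""
    _, sb = parse_efivar(secure_boot)
    _, sm = parse_efivar(setup_mode)
    if len(sb) != 1 or len(sm) != 1:
        return "malformed"
    if sm[0] == 1:
        return "setup-mode"  # no Platform Key enrolled, so signatures are not enforced
    return "enabled" if sb[0] == 1 else "disabled"


def read_live_state() -> str:
    """Read the running system's variables; 'unavailable' on non-UEFI or non-Linux hosts."""
    try:
        sb = (EFIVARS / f"SecureBoot-{EFI_GLOBAL}").read_bytes()
        sm = (EFIVARS / f"SetupMode-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return "unavailable"
    return secure_boot_state(sb, sm)


if __name__ == "__main__":
    print("constructed sample:", secure_boot_state(SAMPLE_SB_OFF, SAMPLE_SETUP_OFF))
    print("this machine:", read_live_state())
```

A result of `disabled` or `setup-mode` on a machine that was provisioned with Secure Boot on is the signal to investigate before and after applying the BIOS update.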
