Acer has released a firmware update that addresses a security vulnerability that could be weaponized to turn off UEFI Secure Boot on affected machines.
tracked as CVE-2022-4020the high-severity vulnerabilities affect five different models consisting of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.
The PC manufacturer describes the vulnerability as an issue that “may allow changes to Secure Boot settings by creating NVRAM variables.”credit discover The flaw was attributed to ESET researcher Martin Smolár, who previously reported a similar bug on a Lenovo computer.
Disabling Secure Boot, an integrity mechanism that ensures that only trusted software is loaded during system startup, allows malicious actors to tamper with the boot loader, with serious consequences.
this too assignment In addition to gaining full control over the operating system loading process, the attacker “disables or bypasses protections and silently deploys its own payload with system privileges.”
According to a Slovak cybersecurity firm, the flaw was DXE driver It is called HQSwSmiDxe.
BIOS updates will be released as part of critical Windows updates. Alternatively, the user can download the fix from her Acer’s website. Support portal.