Acer has introduced a firmware update to tackle a security vulnerability that could be likely weaponized to flip off UEFI Secure Boot on afflicted equipment.
Tracked as CVE-2022-4020, the high-severity vulnerability has an effect on five unique designs that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.
The Personal computer maker described the vulnerability as an issue that “may well let improvements to Safe Boot configurations by producing NVRAM variables.” Credited with getting the flaw is ESET researcher Martin Smolár, who earlier disclosed equivalent bugs in Lenovo computer systems.
Disabling Secure Boot, an integrity mechanism that guarantees that only dependable software is loaded in the course of procedure startup, permits a destructive actor to tamper with boot loaders, leading to extreme penalties.
This involves granting the attacker full control above the working system loading method as well as “disable or bypass protections to silently deploy their have payloads with the program privileges.”
For each the Slovak cybersecurity enterprise, the flaw resides in a DXE driver identified as HQSwSmiDxe.
The BIOS update is predicted to be launched as element of a critical Windows update. Alternatively, customers can obtain the fixes from Acer’s Assist portal.
Found this posting appealing? Follow THN on Facebook, Twitter and LinkedIn to go through extra unique material we post.
Some areas of this short article are sourced from: