Acer has fixed a security vulnerability in its UEFI firmware that, if exploited, would give attackers admin-level control over the victim system.
The flaw is found in several Acer notebooks and can have serious consequences if left unpatched. Acer has bundled the fix into the latest Windows update for everyone, so upgrading your system to the latest version or manually downloading the patched bootloader will protect users.
Acer UEFI Bug in Laptops
For those unfamiliar with it, every computer ships with default firmware called the Unified Extensible Firmware Interface (UEFI), which helps run the supported OS on the system.
This firmware is crucial and hard to alter, since it is the base software holding all the elements together. Because it is so important, attackers generally try to exploit any bug reported in UEFI modules in order to gain deeper privileges over the targeted system.
That is the case with some Acer notebooks, which were found to have a security vulnerability in their UEFI firmware. As reported by ESET malware researcher Martin Smolar, the security flaw (tracked as CVE-2022-4020) was found in Acer’s HQSwSmiDxe DXE driver.
In addition to #Lenovo vulnerabilities we disclosed earlier this month, we discovered another similar vulnerability in #Acer laptops. Same as in Lenovo case, it allows deactivating UEFI Secure Boot by creating NVRAM variable directly from OS. @smolar_m https://t.co/zsDjKGIAjQ 1/3
— ESET research (@ESETresearch) November 28, 2022
An attacker intending to exploit this flaw needs high privileges, but the exploit itself can be carried out with ease and without user interaction. Once successful, the attacker can alter the UEFI Secure Boot settings and load any malicious OS they desire.
This would let the attacker do anything they want on the target system while attaching their malware to the firmware, making it hard to remove. Affected models of Acer notebooks include the Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.
Acer has already rolled out a fix for these laptops and asks users to apply it. This can be done manually from the company’s support website, or by updating to the latest Windows update. The company noted:
“Acer recommends updating your BIOS to the latest version to resolve this issue. This update will be included as a critical Windows update”.
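For triage of machines running Linux, the following added example (not code from Acer or ESET) checks whether a machine's DMI product name matches one of the models listed above and reads the current Secure Boot state from efivarfs. It assumes the DMI product name contains the model number as a separate word (for example "Aspire A315-22"); the function names are illustrative.

```python
import struct
from pathlib import Path
from typing import Optional

# Model numbers the article lists as affected by CVE-2022-4020.
AFFECTED = {"A315-22", "A115-21", "A315-22G", "EX215-21", "EX215-21G"}
# Standard Linux paths; assumes efivarfs is mounted and sysfs exposes DMI data.
SB_VAR = Path("/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")
DMI_NAME = Path("/sys/class/dmi/id/product_name")


def parse_secure_boot(raw: bytes) -> bool:
    """efivarfs content = 4-byte little-endian attribute word + variable data.
    The SecureBoot variable's data is a single byte: 1 = enabled, 0 = disabled."""
    if len(raw) != 5:
        raise ValueError(f"unexpected SecureBoot variable length: {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)
    return value == 1


def is_affected_model(product_name: str) -> bool:
    """Exact word match (assumption: the model number is its own word in DMI)."""
    return any(tok in AFFECTED for tok in product_name.upper().split())


def triage(product_name: str, sb_raw: Optional[bytes]) -> str:
    """Combine the model check and the Secure Boot state into one verdict."""
    if not is_affected_model(product_name):
        return "not-listed"
    if sb_raw is None:
        return "listed: Secure Boot state unreadable, update BIOS"
    if parse_secure_boot(sb_raw):
        return "listed: Secure Boot on, update BIOS"
    return "listed: Secure Boot OFF, update BIOS and confirm who disabled it"


def read_or_none(path: Path) -> Optional[bytes]:
    """Return file contents, or None on legacy-boot systems or missing sysfs."""
    try:
        return path.read_bytes()
    except OSError:
        return None


if __name__ == "__main__":
    name = (read_or_none(DMI_NAME) or b"unknown").decode(errors="replace").strip()
    print(name, "->", triage(name, read_or_none(SB_VAR)))
```

The Secure Boot state does not show whether the BIOS fix is installed, so a listed model needs the update in either case.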