Acer has fixed a security vulnerability in its UEFI that, if exploited, would give attackers an admin privilege to handle the victim system.

This flaw is found in several Acer Notebooks and can result in serious consequences if not patched. Acer bundled the fix in the latest Windows update to everyone; thus, upgrading your system to the latest version or manually downloading the patched bootloader will safeguard users.

Acer UEFI Bug in Laptops

To the unknown, every computer will have a default software firmware called the Unified Extensible Firmware Interface (UEFI), which helps in running the other supported OS on the system for users.

This is so crucial and hard to alter since it’s the base OS holding all the elements together. Since it’s important, hackers would generally try to exploit any bug that’s reported in UEFI modules so as to have deeper privileges over the targeted system.

The same is happening with some Acer Notebooks, which are found to have a security vulnerability in their UEFI firmware. As reported by the ESET malware researcher Martin Smolar, the security flaw (tracked as CVE-2022-4020) was found in Acer’s HQSwSmiDxe DXE driver.

An attacker intending to exploit this will need high privileges but can be done with ease – without user interaction. Once hit, he will be able to alter the UEFI Secure Boot settings and can load any malicious OS he desires.

This would let him do anything he wants on the target system while sticking his malware to the firmware – making it hard to be removed. Affected models of Acer notebooks include the Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.

Well, Acer has already rolled out a fix to patch these laptops and asks users to apply it for good. This can be done manually from the company’s support website, or updating to the latest Windows update should work too. The company noted;

“Acer recommends updating your BIOS to the latest version to resolve this issue. This update will be included as a critical Windows update”.

LEAVE A REPLY

Please enter your comment!
Please enter your name here