Acer UEFI Bug Gets a Patch, Update Immediately

Noticing a critical security bug in it’s UEFI firmware, Acer has rolled out a fix bundled with the latest Windows update to patch this.

Researchers warned that exploiting this bug would give attackers the admin privileges of their targeted system for more malicious operations. This affects certain models of Acer notebooks and thus should be secured immediately.

Acer UEFI Firmware Bug

An ESET malware researcher named Martin Smolar has found a security vulnerability (tracked CVE-2022-4020) in Acer’s notebooks that would have devastating effects if exploited.

More specifically, the flaw was spotted in the HQSwSmiDxe DXE driver of Acer’s UEFI firmware and will allow attackers with high privileges to perform a low-complexity attack to breach the system. Exploiting this flaw doesn’t need any user interaction, thus making it more dangerous.

Once in, the attacker can modify the UEFI Secure Boot settings of the targeted system, which would allow him to load unsigned bootloaders as desired. These can be any malicious OS that would aid his future operations on the compromised system.

And since it’s executed in the firmware, it’s hard to be removed. The malware loaded into UEFI firmware can persist for so long, as it mostly goes undetected by the antivirus software. Acer models affected by this bug include Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.

Acer has rolled out a patch for this bug and advised users to apply it immediately. Users can do it manually from the company’s support page, or updating your system to the latest Windows OS will do too – as Acer bundled it’s fix in that as well.

Other Trending News:-  News

LEAVE A REPLY

Please enter your comment!
Please enter your name here