Generally, when we talk about updating the computer, we usually refer to Windows and the programs, since it is what we usually interact with most of the time. However, the computer has more software underneath with which it works and that, like the operating system, we must keep updated. We are talking about the BIOS, UEFI, or firmware, which is responsible for controlling the most basic and important aspects of the PC. And, from time to time, as has happened to this manufacturer, it also has vulnerabilities that must be fixed as soon as possible.
A few hours ago, a group of security researchers revealed a vulnerability in the BIOS/UEFI of various laptop models, CVE-2022-4020. This vulnerability, as they have confirmed, could be used by any local attacker to disable secure boot, or Secure Boot, from UEFI on affected systems. This vulnerability is found in the HQSwSmiDxe DXE driver present in the firmware of several laptop models, and can be exploited very easily, as long as the attacker has local (physical, or malware) control over the computer.
The Secure Boot, or secure boot, is a security measure that computers that use the Trusted Platform Module (TPM) chip have, together with the Unified Extensible Firmware Interface (UEFI) to prevent malicious code from being loaded (rootkits, bootkits, etc.) during computer startup.
To disable this security measure, it is only necessary for the attackers to modify the value of the variable BootOrderSecureBootDisable directly from the system’s own memory. By doing so, Secure Boot is disabled, and that is when the system boot is modified to load any type of code (programs, drivers, etc.) without firmware, with hidden malware, to take control of the PC.
The affected Acer Aspire laptop models are:
- A315-22
- A115-21
- A315-22G
- Extensive EX215-21
- EX215-21G
Update affected computers
Acer directly recommends that all users affected by this problem update the firmware of the equipment as soon as possible. This can be done in many ways. The first one is from the Acer website, where we can already find the new firmwares available that repair this vulnerability. We simply have to look for the laptop model we have, download the new version, and install it as indicated by the manufacturer.
Also, alternatively, Microsoft is going to upload this new firmware version to their own servers so that those users who do not want to complicate themselves, or do not know how to update the BIOS by hand, can do it directly from Windows Update. The patch will arrive marked as critical, so it will appear along with the other updates.
A recurring failure
It is not the first time that a vulnerability of this type has been found. ESET has already detected very similar security flaws in laptops from other manufacturers, such as the ThinkBook, IdeaPad and Yoga from Lenovo. The important thing, as always, is to make sure that our computer is always updated and free of viruses. We must always be careful with the software that we download and install on the computer, always install program and operating system updates, and, very important, make sure that our computer’s firmware is always up to date.
