Acer fixes major laptop bug that hackers can use to disable secure boot

Users are advised to update their BIOS as soon as possible

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers have detected a new set of vulnerabilities impacting a number ofAcerconsumer andbusiness laptops.

The vulnerability, uncovered bt ESET allowed bad actors to deactivate UEFI Secure Boot by creating NVRAM, a type of non-volatile Random Access Memory, variables directly from theoperating system.

UEFI Secure Boot is a feature that acts as a verification mechanism, which ensures that malignant software like rootkits and botkits can’t boot on your systems, allowing them to disable or bypass protections or to deploy their own payloads with the system privileges.

How does this vulnerability work?

The vulnerability, dubbed #CVE-2022-4020, is to be found in the DXE driver HQSwSmiDxe according to aTwitter postby ESET malware researcher Martin Smolar. It checks for the “BootOrderSecureBootDisable” NVRAM variable, and if the variable exists within your system, the driver then disables Secure Boot.

According toa blog post by Acer, impacted models include the Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.

Acer said it is working on a BIOS update to resolve this issue that will be posted on itssupport site.  But in the meantime, the hardware firm recommends updating your BIOS to the latest version to resolve this issue and said that this update will be included as a critical Windows update.

This bootkit has been used to backdoor Windows devices for almost a decade>Lenovo has fixed security flaws disabling security features on laptops, update now>Check out our guide to the best endpoint protection right now

This isn’t the first time that UEFI Secure Boot vulnerabilities have been revealed by ESET in recent months.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The cybersecurity firm also unearthed UEFI firmware-related firmware flaws impactingLenovolaptops in January 2022, which itrevealedin a Twitter post of its own.

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin