CVE-2022-4020: High vulnerability affects Acer UEFI firmware
Recently, the ESET security team discovered a new high-risk vulnerability in Acer UEFI firmware which may allow changes to Secure Boot settings by creating NVRAM variables, and the exploit is relatively uncomplicated. This will cause the security policies provided by Microsoft and third-party security software to be unable to kill stubborn viruses, so secure boot vulnerabilities are high-level vulnerabilities.
The vulnerability, tracked as CVE-2022-4020, exists in the automatically deployed DXE driver HQSwSmiDxe on some Acer consumer laptops. An attacker with high privileges can modify the default configuration of UEFI Secure Boot by modifying NVRAM variables without user interaction. Acer said in the security bulletin that an attacker could hijack the operating system and load an unsigned bootloader after exploiting the vulnerability to disable Secure Boot.
“By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process. This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges,” the company wrote in its security bulletin.
“By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process. This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges,” the company wrote in its security bulletin.
CVE-2022-4020 affected Acer laptops include Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.
At present, Acer’s official support website has issued a security notice, but the BIOS firmware of some models is available for download. But Acer is considering fixing the problem through Microsoft, that is, pushing new firmware and drivers through Windows Update so that the system can be upgraded silently.
After all, it is not realistic to expect users to actively download drivers and firmware, so the silent push installation method can quickly allow all users to complete the update.
Acer said that the above-mentioned firmware and drivers will be marked as important updates, and the affected models will automatically obtain the firmware after the patch is ready, and the user can restart.
