UEFI bugs which can disable Secure Boot fixed by Acer (30th November 2022)

Ref# AL2022_79 | Date: Nov 30th 2022

Description 

Multiple laptop models were affected by a high-severity vulnerability patched by Acer that would have allowed local attackers to disable UEFI Secure Boot on vulnerable devices. 

Summary 

On computers with a Trusted Platform Module (TPM) chip and Unified Extensible Firmware Interface (UEFI) firmware, the Secure Boot security feature blocks untrusted operating systems bootloaders to stop malicious malware like rootkits and bootkits from loading during startup. 

The security weakness (CVE-2022-4020) was found in the HQSwSmiDxe DXE driver on select consumer-grade Acer Notebook devices, an ESET malware researcher. 

Attackers with elevated privileges can make use of it to disable Secure Boot by altering the BootOrderSecureBootDisable NVRAM variable.  

 Researchers have discovered a flaw that could permit modifications to Secure Boot settings by creating NVRAM variables (actual value of the variable is not important, only the existence is checked by the affected firmware drivers). 

Threat actors can hijack the OS loading process, load unsigned bootloaders to bypass or disable protections, and then install malicious payloads with system rights after exploiting the vulnerability on affected Acer laptops and disabling Secure Boot. 

Acer laptop models Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G are all on the list of affected models. 

Remediation 

Acer recommends updating your BIOS to the latest version to resolve this issue. This update will be included as a critical Windows update.  

Alternatively, customers can download the BIOS update from the company”s support website and deploy it manually on affected systems. 

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary. 

PDF Download: Acer UEFI bug let attackers disable secure boot.pdf

References