Advisory ID: NCC-CSIRT-0612-061
Summary: Martin Smolar, an ESET security researcher, uncovered a vulnerability in Secure Boot on Acer laptop computers. Secure Boot is an integrity mechanism that ensures only trusted software is loaded during system start-up. The flaw gives an attacker total control over how the operating system loads and lets them deactivate or bypass security measures to secretly install malware with system privileges.
Vulnerable Platform(s): Operating Systems
Threat Type:
- Malware
- Privilege Escalation
Product: Windows-based products
Version:
- Aspire A315-22, A115-21, and A315-22G
- Extensa EX215-21 and EX215-21G
Description: According to the researcher, the exploit is possible because the compromised firmware driver merely verifies that the variables are present, regardless of their value. Using the exploit, an attacker with elevated privileges can change an NVRAM (Non-Volatile Random-Access Memory) variable to alter UEFI (Unified Extensible Firmware Interface) Secure Boot settings. By disabling Secure Boot, the attacker may install their own unsigned malicious bootloader and gain complete control over how the operating system boots. With system rights, attackers can easily disable or circumvent security measures to secretly deploy their own payloads.
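The presence-only check described above, modelled next to a stricter one as an added C example (not code from the vendor's firmware or the researcher's report). The variable name, the store layout and the stricter check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* UEFI variable attribute bits, as defined in the UEFI specification. */
#define EFI_VARIABLE_NON_VOLATILE       0x00000001u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002u
#define EFI_VARIABLE_RUNTIME_ACCESS     0x00000004u
#define NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)

/* Hypothetical variable name; the advisory does not name the real one. */
#define DISABLE_VAR "ExampleSecureBootDisable"

/* Constructed stand-in for one entry of an NVRAM variable store. */
struct nv_var { const char *name; uint32_t attrs; uint8_t data[4]; size_t len; };

static const struct nv_var *nv_find(const struct nv_var *s, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(s[i].name, name) == 0) return &s[i];
    return NULL;
}

/* Flawed pattern from the description: presence alone changes the setting. */
int disable_requested_presence_only(const struct nv_var *s, size_t n) {
    return nv_find(s, n, DISABLE_VAR) != NULL;
}

/* Stricter pattern (assumption): exact length and value are required, and a
 * runtime-accessible variable, which the OS could have written, is ignored. */
int disable_requested_validated(const struct nv_var *s, size_t n) {
    const struct nv_var *v = nv_find(s, n, DISABLE_VAR);
    if (v == NULL) return 0;
    if (v->attrs & EFI_VARIABLE_RUNTIME_ACCESS) return 0;
    return v->len == 1 && v->data[0] == 0x01;
}

/* Constructed sample stores, one variable each. */
static const struct nv_var store_os_written[] = {   /* set from the running OS */
    { DISABLE_VAR, NV_BS | EFI_VARIABLE_RUNTIME_ACCESS, {0x00}, 1 } };
static const struct nv_var store_setup_set[] = {    /* set before the OS starts */
    { DISABLE_VAR, NV_BS, {0x01}, 1 } };
static const struct nv_var store_bad_value[] = {    /* right attributes, wrong value */
    { DISABLE_VAR, NV_BS, {0x00}, 1 } };

int main(void) {
    /* Only the flawed check honours the OS-written variable. */
    int flawed = disable_requested_presence_only(store_os_written, 1);
    int strict = disable_requested_validated(store_os_written, 1);
    return (flawed == 1 && strict == 0) ? 0 : 1;
}
```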
Consequences: Disable or bypass security measures and install malware
Impact/Probability: HIGH/HIGH
Solution:
- Update your BIOS (Basic Input Output System) to the latest version to resolve this issue.
- Users of Acer laptop computers should check the fixes on the vendor's Support portal.
References:
- https://thehackernews.com/2022/11/new-flaw-in-acer-laptops-could-let.html
- https://www.securityweek.com/vulnerability-acer-laptops-allows-attackers-disable-secure-boot
- https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings