Acer has fixed a high-severity vulnerability affecting multiple laptop models that could allow local attackers to disable UEFI Secure Boot on targeted systems.
The Secure Boot security feature blocks untrusted operating system boot loaders on computers with a Trusted Platform Module (TPM) chip and Unified Extensible Firmware Interface (UEFI) firmware, to prevent malicious code such as rootkits and bootkits from loading during the boot process.
Attackers who already hold elevated privileges can abuse this flaw in low-complexity attacks that require no user interaction: by modifying the BootOrderSecureBootDisable NVRAM variable they change the UEFI Secure Boot settings and disable Secure Boot.
“Researchers have identified a vulnerability that may allow changes to Secure Boot settings by creating NVRAM variables (the actual value of the variable is not important, only existence is checked by affected firmware drivers),” Acer said.
After exploiting the vulnerability on affected Acer laptops and disabling Secure Boot, hackers can hijack the OS loading process and load unsigned bootloaders to bypass or disable protections and deploy malicious payloads with system privileges.
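As an added illustration, not taken from the article or from Acer, here is a Linux-side check a defender could run before the next reboot: it parses efivarfs and flags any variable named BootOrderSecureBootDisable regardless of vendor GUID, because the advisory says only the name's existence matters to the affected firmware. The sample efivars tree is constructed in a temporary directory and the GUID on the sample rogue variable is a placeholder, since the advisory does not publish the real one.

```python
import re
import struct
import tempfile
from pathlib import Path

# Linux exposes UEFI variables through efivarfs as files named "<Name>-<VendorGUID>";
# each file is a 4-byte little-endian attributes word followed by the variable data.
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE vendor GUID
SUSPICIOUS_NAME = "BootOrderSecureBootDisable"          # variable named in Acer's advisory
_VAR_RE = re.compile(r"^(?P<name>.+)-(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$", re.I)

def read_efivar(path: Path):
    """Return (attributes, data) for one efivarfs file."""
    raw = path.read_bytes()
    if len(raw) < 4:
        raise ValueError(f"{path.name}: too short to be an EFI variable")
    return struct.unpack("<I", raw[:4])[0], raw[4:]

def audit_efivars(efivars_dir=EFIVARS_DIR) -> dict:
    """Report Secure Boot state plus any variable whose *name* matches the advisory.
    The vendor GUID is ignored on purpose: the affected firmware only checks that a
    variable with that name exists, so the detection does the same."""
    result = {"secure_boot": None, "setup_mode": None, "suspicious": []}
    for entry in sorted(Path(efivars_dir).iterdir()):
        m = _VAR_RE.match(entry.name)
        if not m:
            continue
        name, guid = m.group("name"), m.group("guid").lower()
        if name == SUSPICIOUS_NAME:
            result["suspicious"].append(entry.name)
        elif guid == GLOBAL_GUID and name in ("SecureBoot", "SetupMode"):
            _, data = read_efivar(entry)   # both are single-byte 0/1 values
            key = "secure_boot" if name == "SecureBoot" else "setup_mode"
            result[key] = data[:1] == b"\x01"
    # Alert if Secure Boot is off/unknown or the rogue variable has been planted.
    result["alert"] = result["secure_boot"] is not True or bool(result["suspicious"])
    return result

def build_sample_efivars(target: Path) -> Path:
    """Write a CONSTRUCTED efivars tree: Secure Boot still on, rogue variable present."""
    attrs = struct.pack("<I", 0x7)  # NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    (target / f"SecureBoot-{GLOBAL_GUID}").write_bytes(attrs + b"\x01")
    (target / f"SetupMode-{GLOBAL_GUID}").write_bytes(attrs + b"\x00")
    # Placeholder GUID: the advisory gives no GUID, and the variable's value is irrelevant.
    (target / f"{SUSPICIOUS_NAME}-00000000-0000-0000-0000-000000000000").write_bytes(attrs + b"\x00")
    return target

def demo() -> dict:
    """Run the audit against the constructed sample tree (works offline, no EFI needed)."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_efivars(build_sample_efivars(Path(tmp)))
```

On a real machine call `audit_efivars()` with no arguments (reading efivarfs typically needs root); `demo()` shows the expected verdict on the constructed tree.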
BIOS update available, Windows update inbound
“Acer recommends updating your BIOS to the latest version to resolve this issue. This update will be included as a critical Windows update,” the company added.
Alternatively, customers can download the BIOS update from the company support site and deploy it manually to the affected systems.
The full list of affected Acer laptop models includes the Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21 and EX215-21G.
Lenovo fixed similar bugs earlier this month, found by ESET researchers in several ThinkBook, IdeaPad and Yoga laptop models, that could allow attackers to disable UEFI Secure Boot.
Allowing hackers to execute unsigned malicious code before the operating system boots can have serious consequences, including the deployment of malware that persists across operating system reinstallations and bypasses the anti-malware protections provided by security solutions.
In Lenovo’s case, the issue was caused by the company’s developers including an early development driver, which could alter the operating system’s Secure Boot settings, among the production drivers.
In January, ESET found three more UEFI firmware flaws which could allow attackers to hijack the startup routine on more than 70 models of Lenovo devices running Windows.