Acer fixes UEFI bugs that can be used to disable Secure Boot

29-Nov-22

In order to prevent local attackers from disabling UEFI Secure Boot on targeted computers, Acer has patched a high-severity vulnerability impacting a number of laptop models. The security hole (CVE-2022-4020) on some consumer-grade Acer Notebook devices was found in the HQSwSmiDxe DXE driver, as reported by ESET malware researcher Martin Smolar.

On computers with a Trusted Platform Module (TPM) chip and UEFI firmware, the Secure Boot security feature disables bootloaders from untrusted operating systems to stop malicious malware like rootkits and bootkits from loading during startup.

Read More…