Security News

The US government's New Year's resolution for 2023: no more TikTok at work. In an email to members and staff Tuesday, the Committee on House Administration banned the use of TikTok from House-managed mobile devices.

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "May allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "May allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.

Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems. Attackers with high privileges can abuse it in low-complexity attacks that require no user interaction to alter UEFI Secure Boot settings by modifying the BootOrderSecureBootDisable NVRAM variable to disable Secure Boot.

Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot. UEFI Secure Boot is a verification system that ensures no malicious code can be loaded and executed during the computer boot process.

VMware has admitted an update on some versions of its Carbon Black endpoint solution is responsible for BSODs and boot loops on Windows machines after multiple organizations were affected by the problem. The problem surfaced yesterday, with threat hunter Tim Geschwindt stating on Twitter he knew of about 50 organizations struggling with the issue, and saying the Carbon Black endpoint solution was "Causing blue screens of death for devices running sensor version 3.7.0.1253".

Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. During the August 2022 Patch Tuesday, Microsoft released the standalone KB5012170 'Security update for Secure Boot DBX' to resolve vulnerabilities found in various UEFI bootloaders that threat actors could use to bypass the Windows Secure Boot feature and execute unsigned code.

Microsoft is warning that users may see a 0x800f0922 error when trying to install Windows KB5012170 Secure Boot security update on currently supported operating systems for consumers and the enterprise-class Server version. Error 0x800f0922 is related strictly to KB5012170, a security update for the Secure Boot DBX, a repository that holds revoked signatures for Unified Extensible Firmware Interface bootloaders.

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm Eclypsium said in a report shared with The Hacker News.

Some signed third-party bootloaders for the Unified Extensible Firmware Interface could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads. Eclypsium security researchers Mickey Shkatov and Jesse Michael discovered vulnerabilities affecting UEFI bootloaders from third-party vendors that could be exploited to bypass the Secure Boot feature on Windows machines.