When will the recent UEFI exploit CVE-2024-0762 be fixed in a firmware update?

Kodabey
Kodabey Member Posts: 1 Newbie

Most Acer gaming notebooks use a UEFI package that has been found vulnerable to a newly found exploit, CVE-2024-0762. https://www.securityweek.com/hundreds-of-pc-server-models-possibly-affected-by-serious-phoenix-uefi-vulnerability/

Answers

  • Puraw
    Puraw ACE, Member Posts: 14,110 Trailblazer

    If you keep Windows 11 23H2 up to date you should be on version 22631.3737 now, and when the top 3 Windows security features are enabled (have green tick marks, see picture) you've got nothing to worry about, just enjoy your Acer laptop. 😉

  • vewass
    vewass Member Posts: 4 New User

    I would like to ask the same thing: why don't your laptops have updates and patches for recent holes? It is a bit frivolous for your expensive equipment to be unmaintained. I have an Acer Triton Predator 500 SE; the last BIOS update is from 2022/09/27.

  • Oblivion9
    Oblivion9 Member Posts: 1 Newbie

    This is an uneducated reply at best, and a blatant lie at worst. The referenced OS security features would not block this exploit, as the BIOS/UEFI is separate from, and runs before, the OS. Windows Update doesn't generally patch the BIOS/UEFI, unless it is a rare case where it is included in the "Optional Driver Updates" category. Please, I would like to hear from someone at ACER on this with an included time frame of when we can expect a patch for this (if ever), or someone who has an ACER computer that is affected by this, and is still in warranty, contact support. If support can't provide a decent answer, ask them to escalate a ticket up, then reply to this post with their response.