{"id":487290,"date":"2022-11-29T17:49:31","date_gmt":"2022-11-29T19:49:31","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-nouvelle-faille-dans-les-ordinateurs-portables-acer-pourrait-permettre-aux-attaquants-de-desactiver-la-protection-du-demarrage-securise\/"},"modified":"2022-11-29T17:49:32","modified_gmt":"2022-11-29T19:49:32","slug":"une-nouvelle-faille-dans-les-ordinateurs-portables-acer-pourrait-permettre-aux-attaquants-de-desactiver-la-protection-du-demarrage-securise","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-nouvelle-faille-dans-les-ordinateurs-portables-acer-pourrait-permettre-aux-attaquants-de-desactiver-la-protection-du-demarrage-securise\/","title":{"rendered":"Une nouvelle faille dans les ordinateurs portables Acer pourrait permettre aux attaquants de d\u00e9sactiver la protection du d\u00e9marrage s\u00e9curis\u00e9"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Acer a publi\u00e9 une mise \u00e0 jour du micrologiciel pour r\u00e9soudre une vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 qui pourrait \u00eatre potentiellement arm\u00e9e pour d\u00e9sactiver UEFI Secure Boot sur les machines concern\u00e9es.<\/p>\n<p>Suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-4020\" target=\"_blank\"><strong>CVE-2022-4020<\/strong><\/a>la vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 affecte cinq mod\u00e8les diff\u00e9rents qui consistent en Aspire A315-22, A115-21 et A315-22G, et Extensa EX215-21 et EX215-21G.<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/uptycs-inside\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/Des-chercheurs-detaillent-la-vulnerabilite-inter-locataire-dAppSync-dans-Amazon-Web.jpg\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Le fabricant de PC a d\u00e9crit la vuln\u00e9rabilit\u00e9 comme un probl\u00e8me qui &#8220;peut autoriser des modifications des param\u00e8tres de d\u00e9marrage s\u00e9curis\u00e9 en cr\u00e9ant des variables NVRAM&#8221;.  Cr\u00e9dit\u00e9 de <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/ESETresearch\/status\/1597227770626523136\" target=\"_blank\">d\u00e9couvrir<\/a> la faille est le chercheur d&#8217;ESET Martin Smol\u00e1r, qui a pr\u00e9c\u00e9demment r\u00e9v\u00e9l\u00e9 des bogues similaires dans les ordinateurs Lenovo.<\/p>\n<p>La d\u00e9sactivation du d\u00e9marrage s\u00e9curis\u00e9, un m\u00e9canisme d&#8217;int\u00e9grit\u00e9 qui garantit que seuls les logiciels de confiance sont charg\u00e9s au d\u00e9marrage du syst\u00e8me, permet \u00e0 un acteur malveillant de falsifier les chargeurs de d\u00e9marrage, entra\u00eenant de graves cons\u00e9quences.<\/p>\n<p>Ceci comprend <a rel=\"nofollow noopener\" href=\"https:\/\/community.acer.com\/en\/kb\/articles\/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings\" target=\"_blank\">octroi<\/a> l&#8217;attaquant contr\u00f4le compl\u00e8tement le processus de chargement du syst\u00e8me d&#8217;exploitation ainsi que &#8220;d\u00e9sactive ou contourne les protections pour d\u00e9ployer silencieusement ses propres charges utiles avec les privil\u00e8ges syst\u00e8me&#8221;.<\/p>\n<p>Selon la soci\u00e9t\u00e9 slovaque de cybers\u00e9curit\u00e9, la faille r\u00e9side dans un <a rel=\"nofollow noopener\" href=\"https:\/\/edk2-docs.gitbook.io\/edk-ii-module-writer-s-guide\/8_dxe_drivers_non-uefi_drivers\/88_dxe_runtime_driver\" target=\"_blank\">Pilote DXE<\/a> appel\u00e9 HQSwSmiDxe.<\/p>\n<p>La mise \u00e0 jour du BIOS devrait \u00eatre publi\u00e9e dans le cadre d&#8217;une mise \u00e0 jour critique de Windows.  Alternativement, les utilisateurs peuvent t\u00e9l\u00e9charger les correctifs \u00e0 partir d&#8217;Acer <a rel=\"nofollow noopener\" href=\"https:\/\/www.acer.com\/worldwide\/support\/\" target=\"_blank\">Portail d&#8217;assistance<\/a>.<\/p>\n<p><\/p>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/11\/new-flaw-in-acer-laptops-could-let.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Acer a publi\u00e9 une mise \u00e0 jour du micrologiciel pour r\u00e9soudre une vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 qui pourrait \u00eatre potentiellement arm\u00e9e pour d\u00e9sactiver UEFI Secure Boot sur les machines concern\u00e9es. Suivi comme CVE-2022-4020la vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 affecte cinq mod\u00e8les diff\u00e9rents qui consistent en Aspire A315-22, A115-21 et A315-22G, et Extensa EX215-21 et EX215-21G. Le fabricant [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":487291,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[128408,11865,507,4168,4158,4165,4161,429,7796,24853,9048,4157,4159,4171,4170,65,4167,4160,197,4163,4162,4393,5848,19056,2102,6845,36264,4172,4169,196,4166,4164],"class_list":["post-487290","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-acer","tag-attaquants","tag-aux","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-demarrage","tag-desactiver","tag-faille","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelle","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-ordinateurs","tag-permettre","tag-portables","tag-pourrait","tag-protection","tag-securise","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/487290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=487290"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/487290\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/487291"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=487290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=487290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=487290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}