Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

J

johnvictor

58 Posts

2822

August 17th, 2018 13:00

Inspiron 3650, BIOS update to 3.7.0, 17th August 2018

After updating my BIOS to 3.6.0 without problems in July, I'm now getting an urgent request to update it again but to 3.7.0 this time.

Seeing as BIOS Updates causes problems for so many on here, I'm reluctant.

Any ideas why the new update is required so soon after the last one please?

RoHe

10 Elder

 • 

44.3K Posts

August 17th, 2018 17:00

Looks like Intel found more security holes that they're trying to plug...

BIOS 3.6.0
- Updated Intel ME Firmware to address security advisory INTEL-SA-00118 (CVE-2018-3627).
- Updated CPU microcode to address security advisory Intel Security Advisory INTEL-SA-00115
  (CVE-2018-3639 & CVE-2018-3640)

BIOS 3.7.0
- Update Intel ME Firmware to address security advisories INTEL-SA-00125 (CVE-2018-3655) &
  Intel-SA-00131 (CVE-2018-3643 CVE-2018-3644)

You can google the new Intel-SA or CVE numbers to see what they fix and decide for yourself if the potential risk of updating BIOS is more or less than the risk from those security issues.

And as I recommended the last time, I'd wait a while before updating and let somebody else be the guinea pig. :Wink:

johnvictor

58 Posts

August 18th, 2018 11:00

Yes. Thanks RoHe. I'll keep monitoring this forum.

If I should decide to not update to 3.7.0 will that prevent me from updating to 3.8.0 should that update be necessary some time in the future?

RoHe

10 Elder

 • 

44.3K Posts

August 18th, 2018 18:00

BIOS updates are supposed to be cumulative. So if a BIOS 3.8.0 is ever released, you should be able to update directly to that one, with the caveats that sometimes BIOS updates say you must have a specific prior version installed before you can update to the latest one, and, of course, the ever present risk of bricking the motherboard with any BIOS update.

And for the future, you can always click your avatar in upper right corner of any forum page after logging in and select your Profile from the drop-down menu, and that page will show your "recent activity" so you can always find your old threads. :Wink:

DLit19

1 Message

August 19th, 2018 06:00

This morning 8/19/2018 the Dell Update assistant told me to update the BIOS. When I clicked the update it froze up the computer. Dell support is off line now so I don't have any answers at this time. New PC July 9, 2018

RoHe

10 Elder

 • 

44.3K Posts

August 19th, 2018 13:00

@DLit19 wrote:

This morning 8/19/2018 the Dell Update assistant told me to update the BIOS. When I clicked the update it froze up the computer. Dell support is off line now so I don't have any answers at this time. New PC July 9, 2018

What PC model do you have? What BIOS was installed and what version was it going to install?

You can try this:

  1. Power off, unplug
  2. Press/hold power button for ~15 sec
  3. Open case and remove motherboard battery (check the support page for the Service Manual for your specific model for details)
  4. Press/hold power button for ~30 sec
  5. Reinstall the battery, right-side-up 
  6. Close up and connect only mouse, monitor and keyboard
  7. Reboot

Since yours should be under warranty, if necessary, Dell should replace the motherboard for you. But they'll only do it one time because you updated BIOS on your own, not being instructed to update BIOS by a Dell Tech Support agent. And no, being offered a BIOS update by the Update app doesn't count as being told to update BIOS by a Tech Support agent.

johnvictor

58 Posts

August 23rd, 2018 13:00

Wonder if @DLit19 had any luck?

speedstep

9 Legend

 • 

47K Posts

September 22nd, 2018 15:00

Its more than just INTEL.

https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf

 https://www.grc.com/inspectre.html

 

 

 

Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1036198
SecurityTracker URL:  http://securitytracker.com/id/1036198
CVE Reference:   CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646   (Links to External Site)
Date:  Jun 29 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.1.6 MP4 and prior
Description:   Multiple vulnerabilities were reported in Symantec Endpoint Protection and other Symantec products. A remote user can execute arbitrary code on the target system.

A remote user can create a specially crafted file that, when processed by the target Symantec Decomposer engine, will trigger an integer overflow, memory access error, or memory corruption error and execute arbitrary code on the target system.

RAR file decompression is affected [CVE-2016-2207].

The Dec2SS component is affected [CVE-2016-2209].

The Dec2LHA component is affected [CVE-2016-2210].

CAB decompression is affected [CVE-2016-2211].

MIME processing is affected [CVE-2016-3644].

TNEF processing is affected [CVE-2016-3645].

ZIP decompression is affected [CVE-2016-3646].

Multiple Symantec enterprise products are affected:

Advanced Threat Protection
Symantec Data Center Server
Symantec Critical System Protection
Symantec Embedded Systems Critical System Protection
Symantec Web Security .Cloud
Email Security Server .Cloud
Symantec Web Gateway
Symantec Endpoint Protection
Symantec Endpoint Protection for Mac
Symantec Endpoint Protection for Linux
Symantec Protection Engine
Symantec Protection for SharePoint Servers
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security for Domino
CSAPI
Symantec Message Gateway
Symantec Message Gateway for Service Providers

View More

View All

No Events found!

Top