ky331
7 Gold

Re: BIOS updates to counter Meltdown/Spectre?

 

Based on all the chaos that has resulted from these rushed BIOS updates, and carefully considering the information I made in the following two posts:


https://www.dell.com/community/Virus-Spyware/Microsoft-to-issue-emergency-Windows-update-for-process...

https://www.dell.com/community/Virus-Spyware/Microsoft-to-issue-emergency-Windows-update-for-process...

I am seriously considering NOT updating the BIOS on my systems, even after a new BIOS is tested and declared safe. Of course, I will then be taking full responsibility for my [lack of] action, and for my system's security [or lack thereof]. Note: I HAVE applied the January Windows updates (which mitigate Meltdown [but not Spectre] on x64-based systems).

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
RoHe
8 Krypton

Re: BIOS updates to counter Meltdown/Spectre?


@ky331 wrote:

 

Based on all the chaos that has resulted from these rushed BIOS updates, and carefully considering the information I made in the following two posts:


https://www.dell.com/community/Virus-Spyware/Microsoft-to-issue-emergency-Windows-update-for-process...

https://www.dell.com/community/Virus-Spyware/Microsoft-to-issue-emergency-Windows-update-for-process...

I am seriously considering NOT updating the BIOS on my systems, even after a new BIOS is tested and declared safe. Of course, I will then be taking full responsibility for my [lack of] action, and for my system's security [or lack thereof]. Note: I HAVE applied the January Windows updates (which mitigate Meltdown [but not Spectre] on x64-based systems).


That's probably a good approach, as long as you accept responsibility for not updating, but it gets even worse than your experience...

Some users reported getting an alert in the past few days for an "important" BIOS update on the Inspiron 3647/3847 (which use the same BIOS). The alert tells them to update from BIOS A02 to BIOS A08. One user said the update worked, the others said it failed.

When I looked at the Support page, BIOS A08 was released in 2015 and it's marked "optional". So it obviously has nothing to do with any of the recent Intel issues.  And I checked that support page before Dell took down all the recent Meltdown/Spectre updates.

So why did these users suddenly get an "important" alert now for such an old version of BIOS that's supposed to be "optional", and why is this one failing too..??

:Ick:

Ron

   Forum Member since 2004
   I'm not a Dell employee

0 Kudos
ky331
7 Gold

Re: BIOS updates to counter Meltdown/Spectre?

 

From https://www.wired.com/story/meltdown-and-spectre-vulnerability-fix/ ; take it for what it's worth:

Though possible, exploiting Meltdown and especially Spectre is complicated and challenging in practice, and some attacks require physical access. For hackers, the vulnerabilities will only get tougher to exploit as more devices start to get patched. Which means that at this point, the risk to the average user is fairly low. Besides, there are easier ways—like phishing—for an attacker to try to steal your passwords or compromise your sensitive personal information.


0 Kudos
SallyC54
2 Bronze

Re: BIOS updates to counter Meltdown/Spectre?

I have a Dell XPS 13 (9350) with BIOS 1.6.1 that keeps wanting to install new BIOS but then gives the message "BIOS update blocked due to unsupported downgrade".

After reading about how many problems people are having when trying to install the BIOS update, I'm fine ignoring the messages to update (or downgrade) but I'm just wondering if I'm already in trouble?  Everything works fine at this point.

My fear is that if I start trying to "fix" it back to 1.5.1 that I will end up with something that doesn't work because something went wrong in that process.

As a registered Dell product owner, I would have expected an email or something from them about this.  Since that hasn't happened, my question here is:  If everything works, can I leave it as is and wait for Dell/Intel to come up with a fix or path forward from 1.6.1 or do I need to remove 1.6.1 from my system?

Thank you.

0 Kudos
RoHe
8 Krypton

Re: BIOS updates to counter Meltdown/Spectre?


@SallyC54 wrote:

I have a Dell XPS 13 (9350) with BIOS 1.6.1 that keeps wanting to install new BIOS but then gives the message "BIOS update blocked due to unsupported downgrade".

After reading about how many problems people are having when trying to install the BIOS update, I'm fine ignoring the messages to update (or downgrade) but I'm just wondering if I'm already in trouble?  Everything works fine at this point.

My fear is that if I start trying to "fix" it back to 1.5.1 that I will end up with something that doesn't work because something went wrong in that process.

As a registered Dell product owner, I would have expected an email or something from them about this.  Since that hasn't happened, my question here is:  If everything works, can I leave it as is and wait for Dell/Intel to come up with a fix or path forward from 1.6.1 or do I need to remove 1.6.1 from my system?

Thank you.


Follow the old adage: If it ain't broke, don't break it.

So leave it alone. And if SupportAssist keeps telling you there's a new update, you can either uninstall the SupportAssist software or stop it from loading automatically each time you boot up.

If you uninstall SupportAssist, you can always download and reinstall it again for free from Dell's support site, assuming you still need/want it.

Ron


SallyC54
2 Bronze

Re: BIOS updates to counter Meltdown/Spectre?

@RoHe that sounds like good advice. 

I was just curious if I would need to go back to a previous BIOS or if Dell/Intel are going to come up with a path forward out of the pit I'm in due to their previous BIOS update.  For now, I'm just ignoring the notification and counting my blessings that everything still works. 

0 Kudos
RoHe
8 Krypton

Re: BIOS updates to counter Meltdown/Spectre?

Like I said, leave it alone. Just wait until things settle down and there's clear info on what comes next.

If you're concerned, the best thing to do is back up all your personal files on external media ASAP and keep updating that backup regularly.

Ron


joe53
6 Gallium

Re: BIOS updates to counter Meltdown/Spectre?

Hi SallyC54

I too have an XPS 13 9350, and have been having BIOS update alerts and errors. At one point I was told that 1.6.1 was successfully installed, only to find msinfo32 said my BIOS was 1.4.18. And I kept getting alerts that a BIOS update was ready, or installed and I should reboot. These alerts continued despite reboots. It seemed I was in some infinite loop. Through all of this, my PC continued to work well, apart from the nags.

So I agree with Ron. Leave well enough alone if your system is otherwise OK. And if you have Dell Update installed, disable its automatic scanner.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 10 Pro (64- Bit): Malwarebytes 4.x Premium, Windows Defender AV, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
Bugbatter
7 Thorium

Re: BIOS updates to counter Meltdown/Spectre?

General info:

Scroll down to the Dell links.

https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spect...

Regards,

Bugbatter


Windows Insider MVP 2016 - Present

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos
Simbol
2 Bronze

Re: BIOS updates to counter Meltdown/Spectre?

We are having a lot of difficulties with these BIOS updates and patches in our organization.

We are an international company with over 10 offices around the world. We use Dell as our hardware provider, and the majority of our desktops are Dell 7010 SF Optiplex machines. Dell stated in their Microprocessor Side-Channel Vulnerabilities notification (http://www.dell.com/support/article/us/en/19/sln308587/microprocessor-side-channel-vulnerabilities-c...) that to address these vulnerabilities on Optiplex 7010 models we should install the BIOS A26. Unfortunately, the BIOS update indicated does not provide any microcode to fix the Spectre vulnerability.

Accordingly, the Microsoft Get-SpeculationControlSettings command results are indicating that our hardware does not contain the required microcode updates to protect against CVE-2017-5715 (Spectre).

Example below:

We contacted Dell's first line of support and their answer was that our client machines are out of warranty. Then, since we have several servers around the world with an active ProPlus Support, we contacted our ProPlus Support account manager in the UK, and it seems that they have been unable to give me any answer or practical solution.

To make the situation worse, we have many other Dell client PCs and laptops that are not even listed in the official Meltdown and Spectre Dell statement, and neither Dell's first line of support nor our Dell support account managers have been able to confirm what will happen with all this equipment.

This is very frustrating, to say the least. Is there anybody at Dell that can actually help? Or shall we conclude that we are now in a situation where we cannot patch any of our Dell equipment, making all our users' PCs unusable?

If we are struggling like this, I cannot imagine how difficult it must be for many home users. The year 2018 will be the year where we will see the biggest data breaches in world history, as it seems these vulnerabilities will be impossible to lock down for many users around the world due to the lack of support from many manufacturers or the lack of understanding from the majority of users regarding the necessary steps to protect their devices.

Best Regards,

Raul Morales
Corporate Security and Network Administrator

0 Kudos
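The check described in the post above can be turned into a fleet triage, shown here as an added example that is not part of the original post and is not Dell's or Microsoft's code. It assumes the property names returned by Microsoft's SpeculationControl module; the function name `Get-SpectreTriage`, the `Computer` field and the two sample records are constructed for illustration.

```powershell
# Added example: classify Get-SpeculationControlSettings results per machine.
# Property names follow Microsoft's SpeculationControl module output.
# Get-SpectreTriage, the Computer field and the samples are hypothetical.
function Get-SpectreTriage {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Settings
    )
    process {
        # CVE-2017-5715 (Spectre variant 2) needs microcode AND OS support.
        $bti = if (-not $Settings.BTIHardwarePresent) {
            'Missing microcode (BIOS/firmware update needed)'
        } elseif (-not $Settings.BTIWindowsSupportPresent) {
            'Missing Windows update'
        } elseif (-not $Settings.BTIWindowsSupportEnabled) {
            'Present but disabled'
        } else { 'Mitigated' }

        # CVE-2017-5754 (Meltdown) is mitigated by the OS alone (KVA shadow).
        $kva = if (-not $Settings.KVAShadowRequired) {
            'Not required'
        } elseif ($Settings.KVAShadowWindowsSupportEnabled) {
            'Mitigated'
        } else { 'Not mitigated' }

        [pscustomobject]@{
            Computer               = $Settings.Computer
            Spectre_CVE_2017_5715  = $bti
            Meltdown_CVE_2017_5754 = $kva
        }
    }
}

# Constructed sample records (not real measurements). The first mirrors the
# situation in the post: Windows is patched, the BIOS carries no new microcode.
$samples = @(
    [pscustomobject]@{ Computer = 'SAMPLE-PC-01'
        BTIHardwarePresent = $false; BTIWindowsSupportPresent = $true
        BTIWindowsSupportEnabled = $false
        KVAShadowRequired = $true; KVAShadowWindowsSupportEnabled = $true },
    [pscustomobject]@{ Computer = 'SAMPLE-PC-02'
        BTIHardwarePresent = $true; BTIWindowsSupportPresent = $true
        BTIWindowsSupportEnabled = $true
        KVAShadowRequired = $true; KVAShadowWindowsSupportEnabled = $true }
)

$samples | Get-SpectreTriage | Format-Table -AutoSize
```

A machine reported as missing microcode while Meltdown shows as mitigated has the January Windows updates but still depends on a BIOS or firmware release for CVE-2017-5715.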