Unsolved
This post is more than 5 years old
1 Message
1
6282
BIOS Update for XPS8700 to address vulnerability?
I came across this document listing what Dell products will receive BIOS updates to address the new vulnerabilities: http://www.dell.com/support/article/us/en/19/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en
Why is the 8700 not on the list?
2-J
84 Posts
0
January 12th, 2018 11:00
Same reason my XPS 8000 ain't getting an update. Too old.
Bunkwork
5 Posts
0
January 14th, 2018 04:00
Hmm, What is NOT clear to me is that the BIOS update is required or not to protect against the vulnerabilities.
If the Kernel is patched, shouldn't we be protected at the OS level?
I have a Studio XPS 435MT, i7 920 Bloomfield. I don't see this on the list.
3dcrypto
4 Posts
0
January 15th, 2018 08:00
It is my understanding that you are NOT fully patched till you get a BIOS update which includes a firmware patch from Intel. The patch may include some new processor instructions or modifications to current ones that the patch may need. I also have a 8700 and a 8500. I do not expect that Dell will fix either but they may, who knows?
3dcrypto
4 Posts
0
January 15th, 2018 11:00
You can download Steve Gibson's new tool to check what your status is from here:
It does verify that if you do not get a firmware update (new BIOS) then you are NOT protected from Spectre. Meltdown does not need a firmware update but Spectre does so it's up to Dell whether they want to leave all of us with Haswell and lower CPUs out in the cold. So for XPS boxes it's 8700 and lower who are not protected.
aweber1nj
17 Posts
1
January 19th, 2018 07:00
I'm trying to wrap my head around how many facets there are to this, including:
, but makes out like a bandit, because they have to mfr all those new chips for the uptick in PC sales due to their own bug.
In the meantime, we XPS 8700 owners (amongst many others) are left out in the cold with some otherwise great hardware that is vulnerable to major hacks.
Let's hope the main AntiVirus vendors stay on top of any exploits and we use that as a crutch until a resolution is found (or we save up the money to replace all our machines)!
vtoy116
307 Posts
0
January 19th, 2018 12:00
There are two security issues, Meltdown and Spectre. Meltdown is fixed by updating the OS. Spectre requires microcode updates which means firmware and a BIOS update. If these security issues could be resolved through anti-virus updates I would think that would have happened before resorting to the path that is being taken. The only reason anti-virus programs are being updated as a result of these security issues is because the changes the OS can cause some anti-virus programs to lock up the computer.
aweber1nj
17 Posts
0
January 19th, 2018 13:00
No security issues are "resolved" via antivirus updates. The AV simply prevents attack-vectors from executing on your machine and exploiting known security holes.
I am aware of the two point of patching required. The point about keeping your AV up-to-date is to mitigate/prevent those attacks from getting on your PC in the first place (as always).
Your PC won't wake up one day and start side channel attacks on you. You (or someone with access to your PC) will have to download malicious code and execute it in one of the "usual" ways like a phishing link, website download, etc. A decent antivirus program will hopefully go a long way in preventing that from happening (minus true, zero-day exploits).
Having Dell actually update the XPS's BIOS/microcode would be the optimal solution. My point was that a good AV program may help you get by, but is certainly sub-optimal.
vtoy116
307 Posts
0
January 19th, 2018 17:00
Intel, Microsoft, and others have known about and have been working on the solution for Meltdown and Spectre for several months before it became widely known. If an AV program change was effective you would think that would have happened and we would not be taking performance hits and all the other actions to mitigate/prevent this problem which certainly does not seem to be an optimal solution. An AV solution may still be out there, but given what the experts have done to date makes me think that solution is not currently viable. This means there will be millions of computers that are vulnerable because there will be no updates for older systems.
aweber1nj
17 Posts
0
January 20th, 2018 06:00
I think we're getting off-topic, but which of the known exploits of "Spectre" has gotten past any of the major AV vendors making you think they're ineffective?
The main reason any AV approach is sub-optimal is that it's almost always "reactive" to an exploit. Patching security holes in source is always preferable, because it removes the opportunity in the first place and prevents zero day effects.
In any event, I think we mostly agree on your last sentence.
vtoy116
307 Posts
0
January 20th, 2018 12:00
I certainly agree that almost always AV programs are reactive to exploits. As far as I have read there are no known (or at least detected) exploits of Meltdown or Spectre in the wild. The only reason I think AV programs are ineffective is because I don't see Intel, Microsoft, or Linux saying let's just like the AV programs block these exploits. I certainly wish it was as simple as updating AV programs.
canucks4life
4 Posts
1
January 21st, 2018 11:00
Seems like a conspiracy to me XPS 8700 really isn't that old they have BIOS/Intel MEI updates for some Laptops on that list older than our PC's...using scare tactics to force people into buying new systems #tinhat. :catfrustrated:
elliotw
28 Posts
0
January 21st, 2018 14:00
Yes - please - My XPS 8700 with i7-4770 is really fast and totally fine as a PC. I admit it is about 4 years old, but it should still be maintained for essential driver updates etc. I really want Dell to patch the XPS 8700 BIOS - which has not been updated since July 2015 - to deal with the Meltdown/Spectre vulnerabilities.
Outrageous that Dell hasn't make one - or even suggested there will be one - available...
2senior
5 Posts
0
February 27th, 2018 13:00
Dell has posted an update to bios for xps8700. If anyone installs it please comment on its effect on your machine's speed if any.
elliotw
28 Posts
0
February 27th, 2018 14:00