5 Practitioner

 • 

274.2K Posts

1557

July 12th, 2019 07:00

BIOS Updates Again ???

Come on!!! Enough DELL! I've been using Dell PCs and laptops for many years and NEVER experienced this before.

9 Legend

 • 

47K Posts

July 12th, 2019 08:00

Everyone has updates based on CVE. Meltdown and Spectre are from last year and there are new variants.

The latest CVE is called ZombieLoad.

ZombieLoad is known as a Microarchitectural Data Sampling (MDS) vulnerability, and it shares some characteristics with Spectre and Meltdown, the two side channel attacks announced in January 2018.

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

This can affect vulnerable versions of Windows, Linux or macOS.

10 Elder

 • 

44.3K Posts

July 12th, 2019 10:00

Like @speedstep said, this is entirely Intel's (and Microsoft's) fault. Dell, other OEMs, and users are all just caught in the middle.

Nobody forces you to update BIOS, ever. But then you have to accept the risk and responsibility that your PC gets hacked because you didn't update BIOS...

10 Elder

 • 

44.3K Posts

August 23rd, 2019 17:00

All we know is what Dell posts on their support page about a BIOS update. The page frequently refers to a CVE (security threat) which details specifics about the problem the update fixes. So you can google that CVE if you want to know the geeky details.

Seems lately that by the time Dell updates BIOS to fix one CVE, a new one (or more) has turned up. And it's possible some of these CVE fixes require a prior CVE fix before the next one can be applied.

If Dell wasn't releasing these BIOS updates as quickly as they possibly can after a CVE is reported and a fix developed, I'm sure you would be whining because Dell isn't keeping your system protected.

As I said, nobody is forcing you to update BIOS. So you can ignore all these new updates, and accept the risk of having a PC with unpatched security holes.

BTW: if you don't stop using words that get **bleeped** and/or abbreviations for words that would have gotten bleeped, you're likely to be put on moderation on this forum, or banned entirely. So knock it off...

5 Practitioner

 • 

274.2K Posts

August 23rd, 2019 17:00

Ok, okay... So it's not Dell's fault.

But still, why so many **bleep** updates? Today is 8/23/19 and I just did one (I was prompted) a few days ago and NOW tonight the system is telling me to do another one. This never seems to stop. I've had PCs since the early '80s, encountered a million problems and update scenarios, been buying PCs from Dell for 15 years now, and NEVER EXPERIENCED THIS BEFORE. I don't like  with the BIOS so much.

How can I find out what the update is actually for (descriptions are always vague) and who issued it (Intel or MS), in order to make an informed decision as to proceed or not? Any ideas?
