XPS 8930, new BIOS version just released, 1.1.28

So who wants to be first...?

Wonder if 1.1.28 fixes any CVEs that weren't fixed in 1.1.27. If anyone has the list (or a screenshot) for 1.1.27, please post it here.

If they're all the same CVEs, users who successfully installed 1.1.27, like me, may want to skip 1.1.28 completely...

This platform isn't making sense anymore. First it installs a super cookie on my browser today keeping me signed in. After I removed it, I was locked out of signing in. Had to use different credentials to sign-in . . . under a slightly different name 

DJH   

I tried to install 1.1.28 on my 8930 today, but I get "Error: Driver Version Fail!" I tried to install the 1.1.27 on my machine in December and it trashed the BIOS, so I'm a bit wary of this and will hold off trying it again until I hear something new.

@Mike Schmieg  Yes, tell us exactly how you tried to run the update, asap!

EDIT: Be sure to include your version of Windows too.

No, I tried the Windows method. I used the USB installation for 1.1.27 on my Win 11 system (fully updated) which bricked my system, so that none of the recovery techniques worked. Dell charged me $250 for shipping and replacing the motherboard. I got the system back, went into the BIOS to make sure the settings were correct. 1.1.27 was still installed. Saved my settings and the system bricked again. Dell did not charge me for the second repair, but I need the system right now and I'm hesitant to take another chance, at least not until after my taxes are files.

@Mike Schmieg 

I don't blame you for not wanting to. I'd be hesitant too if I had sent the PC back twice.

The security patches that 1.1.28 fixed which they listed on the Support site are CVE-2022-33894, CVE-2022-34398, and CVE-2022-40262.

The one highlighted above happens to be the only CVE listed on Dell's Security Advisories and Notices site where BIOS version 1.1.27 applied the security update for that particular CVE where the XPS 8930 was one of the affected systems. Scrolling down to the bottom of the linked page for DSA-2022-339 you'll see BIOS 1.1.27 that applied the security patch for the XPS 8930 

https://www.dell.com/support/kbdoc/en-us/000206038/dsa-2022-339-dell-client-security-update-for-a-dell-client-bios-vulnerability

I know for a fact three were listed in December. I just didn't make a note of the ones.

But here's the thing which I believe is the good news. Based on the fact that CVE-2022-34398 was listed again for BIOS 1.1.28.exe,  it's basically a given that the other two CVE's listed that BIOS 1.1.28 fixed are also the same CVE's that BIOS 1.1.27.exe fixed. Those CVE's were not publicly disclosed when discovered and I believe the term for all three CVE's are reserved CVE's 

So if I understood your last post, they sent back your system with 1.1.27. If that's the BIOS version you're on, I wouldn't be concerned about not having the latest security update. I'm basically certain 1.1.27 patched the same vulnerabilities and exposures that 1.1.28 patches.

I would be very weary though if you haven't disabled UEFI Firmware Capsule Update in your BIOS settings and disable it now before Windows Update tries to install Dell -Firmware - 0.1.1.28  on your system before you have the chance to start working on your taxes.

@spotteddog 

The preferred BIOS settings that will aid with BR3 to recover the BIOS from the EFI partition if you run into an issue updating are Auto BIOS Recovery and Always Enabled Integrity Check. Each time you flash the BIOS a mirrorred image is stored on that partition. However, instead of soley relying on that method, its recommended by Dell for the XPS 8930 to create a BIOS recovery USB stick. Since you said you went back to 1.1.26 last month, did you use that method ?

If you did not, I'll provide those steps for you on how to create that USB device when you post back

So, the answer to your question regarding the settings in BIOS : 

Auto BIOS Recovery - Enabled

Always Enabled Integrity Check - Enabled

And its highly suggested that you also Disable UEFI Firmware Capsule Update 

It wasn't clear which BIOS version you're currently on after you got your PC back the second time. You omitted whether or not they downgraded from 1.1.27 after you got it back the second time 

If its any consolation, I'm still on BIOS 1.1.26. The security vulnerabilities really are not all that too concerning, at least not to me personally. But, to each his/her own. After I followed that debacle on this forum last month, that was enough reason to resist attempting to updgrade.  

I'd rather have a functioning system that's still not fully patched with the latest up-to-date fixes than to take the other risk . . and after vowing to never go through sending the 8930 off to Dell. 

After the problems with 1.1.27, I am hesitant to try to install 1.1.28. I went back to 1.1.26 and, as recommended, I changed a few (security) things in the BIOS. 

Do I have to go back and change anything in the BIOS before trying this update?  I'll be using the USB update. Windows 11.

Actually, I'm not running 1.1.27. After Dell replaced the motherboard the first time, it booted fine. I then entered the BIOS setup to make sure the settings were correct. They were not, so I changed them. Upon saving them, the system bricked again. So, after they repaired it the second time, I did not enter the BIOS setup until after I restored 1.1.26. After that, I was able to enter the setup, make my changes, save them, and all was fine.

I have done the BIOS flashes from the F12 option since I purchased this unit in 2018. The most recent flash (back to 1.1.26) is the first one I have done through Windows and the 1.1.28 is only the second time that I have tried it through Windows, but that apparently does not work any longer. Thank you for the tip on disabling UEFI update. I will disable that immediately. I didn't even think of that.

Things have greatly changed since I used to build these things for a hobby. The last one that I built used a 48x86 processor and that was back in the 90's. I thought that thing was fast with a 100mhz processor overclocked to 133 and now this 8930 has a 4ghz processor. It was also easier in the old days where I could just replace a BIOS chip if it got trashed instead of sending it back to Dell and replacing an entire motherboard. I did have a problem with the first repair as the unit came back with loose screws rolling around in the case that had not been tightened when the system was repaired. The second repair did not have that problem.

I think you were replying to my post. See my reply above to DJH301.

---

@Mike Schmieg wrote:

I did have a problem with the first repair as the unit came back with loose screws rolling around in the case that had not been tightened when the system was repaired. The second repair did not have that problem.

---

That's exactly the reason why I vowed never to send my 8930  back to the depot ever . . .I made that mistake last year and my secondary HDD began clicking right after it came back. At that point there's nothing you can do. I wasn't sending it back to have them replace what they broke and risk another component getting damaged

Did you shake the chassis upside down just for good measure to be sure no other screws are still in there? 

Yep. I sure do remember those old days if the BIOS chip went bad. I don't believe anyone makes system boards like that anymore. It's too bad.         

---

---

@spotteddog wrote:

 

I downloaded the 1.1.26 to usb and installed that version. I didn't use the recovery usb. Is that what you were asking?

Yes. that's what I meant by a BIOS Recovery USB stick. Dell states that its the recommended method for the XPS 8930.

Since you recovered the BIOS last month with a USB, you had to have taken a FAT32 formatted USB, downloaded BIOS 1.1.26.exe from Dell and copied it to the root directory on the USB stick . . .(without putting the file inside any created folder on the USB). You then had to have changed the name of the file from BIOS 1.1.26.exe to BIOS_IMG.rcv .

That's how you make a BIOS Recovery USB device. 

Ron he didn't mean from Windows Update or SupportAssist or Dell Update application.  Although he'll speak for himself, I'm sure he meant he followed the instructions on Dell Support for updating the BIOS. I understand its very important to relay exactly what he tried, but I'm certain what he meant by the "Windows method" is he manually launched the update in the Windows environment which are the instructions under the BIOS Update page titled  "Updating the BIOS from Windows" .