• Another BIOS Update for Dell Machine?


    Yet another BIOS update! This one dated 11/9/21.

    Summary: Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2021-0157

    Description: Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

    Does this mean someone must have local access to my machine in order to execute on this vulnerability? In which case, it isn’t a huge risk for me…..is it?

    Do I have to jump right on these BIOS and Intel security updates when they require local access in order to execute?

    • #2403334

      Earlier this month, this was downloaded to my Dell 8930 with Win10 Home:

      Dell. – Firmware –

      I had no choice during the installation and it involved a reboot, BIOS installation and then a reboot. The installation was unusual because I had not seen the computer do that before. If you are running Win 10 Home, I think you just have to accept it!

    • #2403389

      Thanks for the heads-up. I have my Microsoft, Intel and Dell telemetry blocked by my firewall, so I wasn’t offered or pushed into this BIOS update. This gave me time to do a quick backup before I went to the Dell site, typed in my service tag and, sure enough, there were five updates available for my machine, of which only two were ‘critical’; the BIOS and an update for my graphics card, to which I navigated directly to NVidia and DL’d the thing from there. Both updates went smoothly although I’m puzzled as to why NV’s update was over 800MB. (Probably was also installing a whole new driver.)

      "War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

    • #2403428

      I’m sick of Dell after 22 years. I went there curious to see if there is an nVidia update for my 8930 like what you mention. I always block auto updates, etc and rarely manually do any during the life span of the computer so I didn’t see anything there. I don’t install the Intel garbage which is usually what BIOS update is about. Plus, I especially resent that Dell (for BIOS updates, scanning the computer to see what is needed, etc) still refuses to work with any browser other than Edge which I don’t use.

      I’m old school where we never installed BIOS updates unless ultra critical and that almost never happened. I disagree with this total about face of Dell and other Windows computer manufacturers as I doubt these “critical” BIOS updates are anything other than blatant lies to get folks to believe they are almost constantly in need of them. I’ve never had any problems by ignoring all BIOS, etc Dell updates.

      I do trust nVidia still so I’ll go there and see if there is an update. Dell is a joke these days…I was not allowed even as a SMALL BUSINESS PURCHASER (rather than Home) to purchase 5 years on the extended warranty I always buy. It expires in a few days (at 4 years) so I won’t do any updates after that and I will likely purchase a Mac next time as I love my iPhone and Apple watch which I have acquired since I got the Dell 8930 desktop..

      • #2403512

        @Mele20, You said “I especially resent that Dell (for BIOS updates, scanning the computer to see what is needed, etc) still refuses to work with any browser other than Edge which I don’t use.”.
        I have no problem using Firefox.

        Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 19045.2486 Microsoft 365

    • #2403516

      Back to the initial question, “via local access” means the miscreant needs to actually be there at your machine to use the attack vector. From the other information given you might guess it’s possible to intercede in the normal process of starting the machine, plausibly by setting flags to enter “software maintenance” mode, placing the machine in a state where certain circumstances might enable the loading of illegitimate software into the UEFI boot of the machine (that is to say, so the software is running before Windows starts..) which is handy if you want to silently introduce malware to break a password or worse without the BIOS HSTI system detecting the boot security is compromised and stalling the boot process, and thus failing in its mission of preventing the OS from starting in a contaminated memory space. BIOS updates are signed off by hardware and software providers and those separate signatures are checked (even more strictly, Intel microcode updates are installed by a process so convoluted it’s reckoned only about 10 people at Intel actually know the way they are loaded.. https://en.wikipedia.org/wiki/Intel_Microcode).

      Of course there are no indications of what you might be able to do, or how you might achieve it in this case, as that could constitute a “how to” for someone who wants to get back at a workplace rival or take down every machine of a certain configuration should another problem surface enabling this issue to be remotely leveraged.. !

    • #2403520

      I have no problem using Firefox.

      That’s probably because you are using current Fx. My default browser is Basilisk which is forked off Fx 52 ESR and provides all the older, far more powerful, extensions as well as some of the newer weak ones. It is kept fully up to date security wise so there is no need to forgo the greatest of older Fx for the pathetic current version. As far as Fx itself, I use 60.9 ESR version the last version with the really great extensions and it is rejected now by Dell and banking sites… I just use my iPhone for banking.

    • #2403558

      You can prevent Windows Update from installing UEFI/BIOS updates on Dell machines by entering the setup utility and disabling the option for “UEFI capsule firmware update”.

      • #2403628

        I didn’t know that so lots of thanks to you!

        I will have a look tomorrow.

    • #2403701

      I will likely purchase a Mac next time as I love my iPhone and Apple watch which I have acquired since I got the Dell 8930 desktop..

      Ditto!! Sick of Dell. Sick of Microsoft! Apple has its issues too, but I believe it will be a much better experience. Just purchased a new iPad (Apple Black Friday deal) and Magic Keyboard. I am looking at a LaCie SSD for my files. I will need another device for backup.
