BIOS Update?

Topic

New Reply

In the past, with previous Windows Versions like 7 or XPS, I usually eschewed from BIOS updates.  I am on Windows 10 Home now, build 18362.720.

I looked at the available Dell Drivers & Downloads updates applicable to my system and saw there was a BIOS update that seemed to have a lot going on.  Since I am new to doing BIOS updates I was wondering if any of you veterans could take a look at what would be updated with this latest BIOS update and tell me if it is important. On the Dell site is says “Optional”, yet with my Dell Support Assist program it says “Recommended”.  Thanks.

Here is what would be updated:

“This package contains the Dell system BIOS update. BIOS is a firmware that is embedded on a small memory chip on the system board. It controls the keyboard, monitor, disk drives, and other devices.

This update addresses the Intel Security Advisories INTEL-SA-00219, INTEL-SA-00220, INTEL-SA-00241, INTEL-SA-00254, INTEL-SA-00260, INTEL-SA-00270, INTEL-SA-00289, and INTEL-SA-00317. A security advisory is a statement when a product is impacted by a security vulnerability and a remedy is available.

Fixes & Enhancements
Fixes:
– Firmware updates to address Intel security advisories INTEL-SA-00260 (CVE-2019-0154) and INTEL-SA-00254 (CVE-2019-0185).
– Firmware updates to address security advisory INTEL-SA-00241 (CVE-2019-0169, CVE-2019-11104, CVE-2019-11090, CVE-2019-0168, CVE-2019-11087, CVE-2019-11101, CVE-2019-11106, and CVE-2019-11147)
– Firmware updates to address Intel security advisories INTEL-SA-00219 (CVE-2019-0117), INTEL-SA-00220 (CVE-2019-0123), and INTEL-SA-00270 (CVE-2019-11135).
– Firmware updates to address the Intel Security Advisories INTEL-SA-00289 (CVE-2019-11157) and INTEL-SA-00317 (CVE-2019-14607).
– Removed the IpSec driver and application.
– Fixed an issue with preboot TPM detection and error logging.
– Fixed a BIOS Setup configuration issue that occurs after clearing the CMOS.
– Fixed the issue where the VGA cable does not get detected during Enhanced Preboot System Diagnostics (ePSA).
– Fixed an issue where the system takes time to power on. This issue occurs when the monitor is disconnected from the system and the resolution update initiates.

Enhancements:
– Added a new feature to automatically suspend BitLocker before upgrading the firmware. After the firmware upgrade is complete, BitLocker is automatically enabled.
– Added an enhancement to extend the BIOS password configuration measurements into the TPM.”

Reply | Quote

Replies

That’s a lot of security vulnerabilities it lists as fixing!

If you are concerned, you could wait and see if any users of the same PC report any issues with the update (on the Dell site or anywhere else), and if not, go for it.

There are two general kinds of problems that can happen flashing firmware.  The first is that the new firmware is buggy or otherwise undesirable, and the second is that something goes wrong during the procedure, and the firmware is left in a corrupted state.

The first one might be easily fixable, if it occurs, if your Dell is like the two I have.  Both of them have an option to enable downgrades, so that if I find a new firmware is not good in any way, I can revert to the previous one until (hopefully) Dell fixes the problem and issues a revised version of the firmware.  It’s unlikely that a bug in OEM firmware would be so bad that it would brick the system (see below for more about what that means if you are not sure).

The second one is the one everyone fears, because having the flash ROM in a partially programmed state would usually result in a bricked system, unable to boot or do anything (not even showing anything on the screen) until it is recovered, or “debricked.”  Older PCs were more likely to be unrecoverable without sending the unit back to the manufacturer, while newer ones often have more advanced recovery options.  My Dell G3 is supposed to have some kind of BIOS guard feature to protect against this.  While I have not investigated it, these kinds of things often have a dual-BIOS (it’s not really BIOS in any newer PC… it’s really UEFI, but BIOS is such a well-known term that it still gets used, even if not technically accurate) feature, where if the main BIOS is messed up during a flash gone wrong, the system still has a second copy of the BIOS that it can use to get the system working to recover the main copy.

Whether yours has this or not, I don’t know, but if you find a mention of it in the system features list somewhere, that’s what it means.

This is one of those things that is hard to answer when someone asks for a concrete recommendation.  The odds of something going wrong are small, but if it does happen, I sure don’t want to be seen as being responsible for the decision!  All I can really say is what I would do, and in this case, I would accept the update if it were my PC (as I have when Dell issued updates for my G3).  I just looked at the most recent update that was offered for my G3, which was in January, and I see it as fixing a lot of the same things you listed.  It’s working fine… using it now to type this, in fact, though that’s only really relevant to you if it was the same model, which I am sure it’s not.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

JGSING

Reply | Quote

Do you have any issues that the update fixes? If not, do nothing. 🙂

cheers, Paul

2 users thanked author for this post.

Linda2019, Mr. Austin

Reply | Quote

Most of these security vulnerabilities involve the potential leaking of information, and that malicious software could grant it self permission to do most unusual things which should not be done. In INTEL-SA-0241 that list alone has one of these vulnerabilities as critical, several are high, lots of medium level bugs and a few are low.

Depending on your Management Engine version updating might be worth the risk.

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Paul T wrote:

Do you have any issues that the update fixes? If not, do nothing. 🙂

cheers, Paul

The same can be said of Windows updates/upgrades. No issues, don’t install updates/upgrades.

I always update the BIOS on my  laptop as it is the first thing to run at boot (and more).

1 user thanked author for this post.

Ascaris

Reply | Quote

There are issues in the form of exploits. That is why we update.
In the case of Windows 10, we upgrade because updates aren’t available for older versions.

cheers, Paul

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Linda, as a multiple Dell user I’d say update. I currently have 5 Dell machines and have never had a problem with a BIOS update. I just updated 4 of them this week! That said, if your machine is a laptop make sure it is fully charged AND plugged in. If it is a desktop I highly recommend having it plugged into a UPS when doing BIOS updates. Losing power during the update will brick your machine!

HTH 😎

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

Mr. Austin

Reply | Quote

A couple of years ago, there was a BIOS update which tended to slow down routers – it was released in response to the WannaCry ransomware. I didn’t install that BIOS update, because I didn’t want my router to slow down. So far, I haven’t been stung by WannaCry.

Moral of the story: I am slow proceed with BIOS updates.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Linda the OP did not specify what kind of Dell computer she is using (laptop or desktop)

I’ll say this:

if her computer is more than 3 years old, then go ahead & install the latest BIOS update available

but if her computer is relatively new (about either a few years old or bought recently) then it would be better to do what MrJimPhelps is doing and not rush in to install any BIOS updates

1 user thanked author for this post.

Mr. Austin

Reply | Quote

If it’s less than one year old, or if the warranty is still in force beyond that, you might want to perform any updates before the warranty ends, as an update released by the OEM that goes wrong should be covered under warranty.

If the PC in question has the ability to downgrade firmware (as most of my flashable items have been, including my Dell PCs, my Netgear router, my nVidia video card, my old HP laptop, but not my Acer Swift), you can be a little more relaxed about the possibility of the kinds of things that MrJimPhelps mentioned– if it comes to pass, just go back.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Thank you everyone. My Dell is an Inspiron 3671 Desktop, purchased last quarter of 2019.  It came loaded with Windows 10 version 1903.  I will proceed with caution, take it slow.  Do some research on the Dell Site and Windows Forums to see if the update is causing any problems.

While it is correcting vulnerabilities, the Dell Site said it is Optional.  I am not a computer expert to determine how serious these vulnerabilities are to our computers.   However the enhancements involving BitLocker are kind of interesting.

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Paul T wrote:

There are issues in the form of exploits. That is why we update.

The same is true for BIOS firmware updates. 🙂

Reply | Quote

Not really. These are mitigated in Windows and browsers – there are plenty of old machines that can’t be updated so MS and browser makers do it for you.

cheers, Paul

Reply | Quote

[Mr. Austin]

Linda2019 wrote:

While it is correcting vulnerabilities, the Dell Site said it is Optional.

Linda2019 I just went through a similar decision process. In the case of my machine it was purchased in September 2018. I recently opted to update its BIOS. It turned out OK although there were a couple of pucker moments because I opted to do it myself. At bottom I updated the new-style UEFI BIOS because of my prior knowledge. Maybe 16 years ago a white hatted Kaspersky engineer (a woman 😉 figured out a way to inject unwanted code into the then old-style machine BIOS. That mortified many of us pro geeks.

My September 2018 machine had huge teething issues for two months which were finally sorted out and traced back to Windows 10 not playing nice with Windows 7 via LapLink Pro’s software and tech support.  A second-level Microsoft engineer finally had to be involved. When she looked (remotely) at the machine’s configuration she commented that it was ‘custom’. So I was trepidatious about a UEFI BIOS update on the machine.

Once upon a time I invested 12+ years of my professional life in building and running a 25-user, mixed OS LAN with all the software and hardware I cared to choose. I’ve happily brought that experience forward with me. These days when there are BIOS and Windows 10 ‘patches’ available, I just update them according to the broad recommendations suggested by Woody’s Defcon system, coupled with my hardware manufacturer’s suggestions (Intel, nVidia, Western Digital, Seagate, yadda yadda). I prefer not to have to think about selecting which ‘patch’ I do or don’t choose. But I also have two cloud and two local spinning drive backups of my data, including a daily drive image. And I keep my (backup) laptop updated in case either me or the manufacturers and publishers I chose make a thilly mithtake.

Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

• This reply was modified 5 years ago by Mr. Austin.
• This reply was modified 5 years ago by Mr. Austin.
• This reply was modified 5 years ago by Mr. Austin.

1 user thanked author for this post.

RetiredGeek

Reply | Quote