Do Not Install Spectre BIOS Updates, Dell Says

Bot

Dell is the latest company to join the Meltdown and Spectre update fiasco, as it rolled out an advisory for its customers to recommend against installing the latest security patches that address the Spectre variant 2 vulnerability.

In a tech document published on its website, Dell EMC explains that users who haven’t yet installed the latest BIOS updates are recommended to delay deployment, while those who already did it should try rolling back to the previous version.

Dell says the problem resides in the security updates shipped by Intel and included in its own firmware updates, which could cause reboot issues and system freezes. The company has already pulled the affected BIOS updates, as it’s working on new versions to address the problems.

“Intel has communicated new guidance regarding ‘reboot issues and unpredictable system behavior’ with the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715. Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel,” Dell says.

Read more: Do Not Install Spectre BIOS Updates, Dell Says
 
TrinitronMSDOS

I know it might not be "technically" the best option, but I won't do any BIOS update for fixing this issue. It is my understanding that it is likely that the update will mess with the system, and even if they do deploy a stable after a few months, it will probably have an impact on performance. Also for a consumer it is unlikely to be impacted by Meltdown or Spectre.

The ultimate patch will probably be buying a new PC when the time comes to change it. Then it will really be secure... until the next breach! :ROFLMAO:
 

Stopspying

....is that intel insisted on hiding the truth to the consumers during several months and continuing to sell defective processors, without saying a potato. ....

Add to that the fact that Intel so far hasn't provided anything in the way of patches that I'm aware of for older CPUs. Sure, it's not always recommended to keep using old equipment but many people can't afford brand new computers or processors every few years, nor can government, local councils, other public bodies and lots of small businesses from what I see in the UK. It's long been advocated by Linux users that people who can't afford to upgrade repeatedly should try Linux, personally I tend to agree with that provided the users don't need to use some of the well-known and very expensive software suites. It would cost Intel and other chip manufacturers a lot to provide fixes for all of their CPUs, but why should individuals pay for it? The chip manufacturers produced products with serious vulnerabilities. If it is the case that many users feel forced into paying for new computers then the chip manufacturers will make a nice tidy profit, yet again, perhaps that is what they are hoping for!

On another forum I saw a post questioning why someone who had bought a new household white goods appliance which was found to have a major flaw in it soon after the purchase should be expected to cough up for a replacement. They probably would not be in the way that many tech product suppliers expect their users to do so. Licenses to print money and all that..........
 

Lightning_Brian

I haven't installed any BIOS updates yet because it's quite risky to install new BIOS and the latest emergency releases seemed to be not stable enough... ...will wait a while for more stable releases....

@LASER_oneXM Couldn't agree more! HP released a bunch of updates, but shortly after they rolled out more releases stating that the current BIOS patch (the one they released not long ago) wasn't as stable as they once thought. Therefore, I would highly recommend anyone and everyone who is not a server farm or a cloud firm to hold off for the moment until the patches are deployed for a while and you're not part of the BETA test. Again, this is just my two cents worth. None of my home computers (Dell/Alienware) have the latest BIOS patches for these issues yet, because I don't want to be part of any BETA test.

I feel bad for people who are caught in the random reboots or constant rebooting to the point that they cannot use their systems. Those who are out of warranty may very well likely be sunk. That's why I recommend to all my clients that until a BIOS update has been firmly tested to hold off for a while or a long time depending on the problems (if it's super critical or not). For some, if it is not broke....Well you know the saying "DON'T FIX IT".... This may be one of those updates that I may skip until I know everyone isn't having any issues post 6-8 months after release. Then again, private computers are not at super major risk here - at least not as of yet as the hacking is not in the wild to the best of my knowledge.

~Brian
 

Vasudev

These days I feel buying mid-range PCs will be great since the investment risk is less since you can buy newer components at any point of time.
Enterprise or servers will likely switch to competitor's CPUs like AMD or Qualcomm since they can't afford wasting too much $$$$ which Intel decides to axe/trash it.
Simply I wouldn't trust Intel ever again.
Even today the MEFW update isn't made available for my PC.
 
509322

What a pathetic state of affairs.

I own Dell systems and haven't seen it. However, I have many friends and acquaintances that own Dell systems.

Immediately after Microsoft's patch for Meltdown\Spectre KB4056892 some could not log on to their systems. The OS would make them recover their password each time they would reboot their system. I had to get them to disable the password\PIN on the logon screen until this gets all sorted out.
 

boredog

Ok how many times do I have to say this!!!!!!! This is not only an Intel issue. AMD and ARM CPUs have the same problem. Stop bashing only Intel. Even Apple chips have this issue. :mad:
 

shmu26

I have a Dell laptop, but I did not flash the BIOS, because even if the firmware update was not flawed, the chances of borking my laptop while flashing the BIOS are hundreds of times greater than the chances of infection from Spectre or other similar ghosts, spirits and demons.
 

Vasudev

Always use Dell GSet WinPE based BIOS flashing, it's quick and super easy.
 
