Should all BIOS be updated?

Topic

New Reply

This is a follow-up to my Patch Watch column on Monday. Should you update all computer systems and search out a new BIOS? In a word: No. If you are ru
[See the full post at: Should all BIOS be updated?]

Susan Bradley Patch Lady/Prudent patcher

6 users thanked author for this post.

Great Lake Bunyip, Elly, Kathy Stevens, Pepsiboy, Alex5723, Deo

Reply | Quote

Replies

Thx Susan! You read my mind with my old Dell Optiplex

Reply | Quote

I always update the BIOS on my PCs when there is an update.

I never found the need to change BIOS settings so there is no fear of losing them.

For example the latest BIOS update for my Lenovo Y530 :

“This package updates the basic input/output system (BIOS) on Legion Y530 – 15ICH
BIOS..

Make note of any settings you have changed in the BIOS Configuration Utility. These settings may have to be re-entered after updating the BIOS…

Modified
1) Enhancement to address security vulnerability LEN-48100;
2) Enhancement to address security vulnerability CVE-2020-8694/8695/8696/8698;
3) Enhancement to address security vulnerability CVE-2020-10255…”

..
..

1 user thanked author for this post.

Fred

Reply | Quote

[Fred]

Alex5723 wrote:

I always update the BIOS on my PCs when there is an update.

I never found the need to change BIOS settings so there is no fear of losing them.

For example the latest BIOS update for my Lenovo Y530 :

“This package updates the basic input/output system (BIOS) on Legion Y530 – 15ICH
BIOS..

Make note of any settings you have changed in the BIOS Configuration Utility. These settings may have to be re-entered after updating the BIOS…

Modified
1) Enhancement to address security vulnerability LEN-48100;
2) Enhancement to address security vulnerability CVE-2020-8694/8695/8696/8698;
3) Enhancement to address security vulnerability CVE-2020-10255…”

..
..

Right, patching vulnerabilities and/or improving the system is the “positive” aproach.

The “negative” is opening the system for backdoors together with kernel changes, just has been done for some Unix and Apache OS’s, to open up systems to fetch some blackmarket/darkweb groups and dismantle the encrypted phone privatekey-servers. That was a joint efford by some 9-eye organisations. So, together with (for instance) the Pegasus-spysoftware on the loose who can tell what is right or wrong?

Let’s all buy new hardware   

* _ ... _ *

• This reply was modified 2 months, 2 weeks ago by Fred.

Reply | Quote

I agree with you, Susan. “If it ain’t broke don’t fix it”.

Mark

Reply | Quote

I hate that logic, seeing it akin to saying, “I don’t service my car until it runs unreliably”.

 

Reply | Quote

It is not the same by a long way. Cars wear due to mechanical friction, software does not.

cheers, Paul

2 users thanked author for this post.

WSbobby-p, PL1

Reply | Quote

Kevin wrote:

I hate that logic, seeing it akin to saying, “I don’t service my car until it runs unreliably”.

I update all the BIOS’ on my systems to the current version. I do not usually see any updates offered to older Motherboards after a certain point. If it is a new Motherboard, there are MB fixes being made, so I think the BIOS should be updated.

That said, I can see the other side. It is possible something goes wrong during the update. There is a risk. For example, you could have a power failure in the middle of the flashing which could disable the Motherboard. Current BIOS’ do have protections, but there is always a risk of failure.

The difference between updating a BIOS and maintaining a car is a little bit apple and orange. A BIOS is not wearing or degrading with usage while a car is. If the BIOS update is not addressing an issue you are having, why take the risk if you are worried?

Reply | Quote

Susan Bradley wrote:

Updating your BIOS isn’t quite as scary as it used to be, but when you have a functional system that you do not plan on upgrading, I don’t see a reason to. Do you?

Yes. Most BIOS updates patch security vulnerabilities:

High severity BIOS flaws affect numerous Intel processors

23 Major BIOS Vulnerabilities Discovered, Impact Intel, Lenovo, Others

Intel Lists 16 New BIOS Firmware Vulnerabilities

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

4 users thanked author for this post.

Alex5723, ve2mrx, fk5353, PL1

Reply | Quote

But how many of these vulnerabilities require the attacker to have physical access to the machine in order to actually exploit them?

And a remote attacker has already gained access and maybe elevated privileges to exploit them so its already game over before that happens.

Reply | Quote

Remember I’m talking about older machines.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

All 3 of the PCs that we have are home built.  I always update the BIOS after building since right out of the box, motherboards may have a BIOS that is outdated.  When a new BIOS is available, I will check to see what benefits it provides.  In many if not most cases it is a minor improvement, usually improving memory handling.  There are seldom security fixes.  In this latter case, I always update.

1 user thanked author for this post.

PL1

Reply | Quote

How about the recent story about Intel CPUs that needed a microcode update to not go bad? This is a very good reason to keep BIOS updated IMHO!

Martin

1 user thanked author for this post.

Toa Of Justice

Reply | Quote

https://en.wikipedia.org/wiki/Raptor_Lake

But those are recent chips.  I’m talking about chips from 2018 that you haven’t done the bios update on and are running Windows 10.

 

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

TechTango

Reply | Quote

I haven’t updated my HP ZBook 15 G5 beyond 01.24 from March 2023, despite there being new versions available. The next version after 01.24 contains the microcode update for the Downfall mitigation (which can’t be disabled), and I don’t want to take the performance hit from it.

Reply | Quote