Newsletter Archives
-
Patching embedded code
ISSUE 22.08 • 2025-02-24 PATCH WATCH
By Susan Bradley
I’m here to state that patching firmware is easy.
Easy, that is, if you can get over a big hurdle — knowing what device you have and where to find the proper firmware update.
If you have a home-built or custom-built computer, often the hardest part is remembering which motherboard and accessory cards were installed. Then something turns out to be not quite right, and you’re in a pickle.
Read the full story in our Plus Newsletter (22.08.0, 2025-02-24).
This story also appears in our public Newsletter.
-
Firmware and drivers
PATCH WATCH
By Susan Bradley
Why are drivers and firmware so important?
Once upon a time, you would set up a computer and any display adapter driver or firmware would be automatically installed to match the hardware. More than likely, you would not install new drivers for a long, long time.
But now with both Windows 10 and 11, I annually review drivers and firmware as the Windows feature releases come out. I go through certain steps and processes to rule out issues that might have been triggered by out-of-date drivers, especially if I’ve encountered side effects that I can’t otherwise explain.
Read the full story in our Plus Newsletter (20.14.0, 2023-04-03).
-
Is firmware patching important?
ON SECURITY
By Susan Bradley
Firmware patching has always been fraught with concern.
Until very recently, applying firmware updates often meant launching the update process from a DOS prompt. You often received warnings that if your computer lost power during the process, your machine might be bricked. This is such a daunting thought that, for servers, I would often update the firmware when I initially installed the server and never touch it again.
But firmware is nothing more than software, and — like every other kind of software these days — attackers find vulnerabilities in firmware. Recently, researchers found security issues in Lenovo consumer notebook firmware.
Read the full story in our Plus Newsletter (19.19.0, 2022-05-09).
-
Intel releases more Meltdown/Spectre firmware fixes, while Microsoft unveils a new Surface Pro 3 firmware fix that doesn’t exist
You’d have to be incredibly trusting — of both Microsoft and Intel — to manually install any Surface firmware patch at this point. Particularly when you realize that not one single Meltdown or Spectre-related exploit is in the wild. Not one.
Computerworld Woody on Windows.
-
Surface Pro, Surface Book firmware updates
I flagged these two KB articles on the KBNew list:
KB 4037238 Surface Pro update history (which also lists the new firmware patches for Surface Pro with LTE)
KB 4023488 Surface Book update history
I don’t see any mention of Meltdown/Spectre-related changes, but if you have a Surface Pro or Surface Book, you might want to think about delaying your Windows Update run until we get more reports — good or bad — about the stability of the patches.
-
Intel says its new Spectre-busting Skylake firmware patch is ready
Oh boy. I love the smell of fresh bricked PCs in the morning.
Yesterday, Intel said it has released new firmware that — this time, really, for sure, honest — plugs the Meltdown/Spectre security hole. Says honcho Navin Shenoy:
Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days.
What he’s actually saying is something like, “Hey, we spent six months coming up with new firmware to fix Spectre, released it, and bricked a bunch of machines. We went back to the drawing board and, two weeks later, came up with new firmware that won’t brick your machines. Have at it.”
According to the freshly updated Microcode Revision Guidance, Intel has released updates for Skylake U-, Y-, U23e-, H-, and S- chips.
Shenoy goes on to say:
Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change.
To which I say:
Fool me once, shame on me. Fool me twice… well, you know.
Folks, you’d have to be absolutely batbox crazy to install these new BIOS/UEFI patches as they’re being rolled out. Give them time to break other people’s machines — or to prove their worth in open combat. I’m sure the folks who made the new firmware are quite competent and tested the living daylights out of everything. But they did that the last time, too.
Again, I repeat, for emphasis, there is exactly NO known Meltdown or Spectre-based malware out in the wild.
-
Did you install the latest Meltdown/Spectre BIOS/UEFI firmware update? Joke’s on you
What an unbelievable mess.
At least Dell, HP and Lenovo are withdrawing all of their firmware updates. But if you heeded their call — and ignored my warning — you’re now approximately 10 meters into deep doodoo.
Computerworld Woody on Windows
-
Intel Firmware Security Bulletin issued
Six months on from the initial vulnerability disclosure on Intel Management Engine, Intel have issued a follow-up disclosure today, on a firmware vulnerability.
Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.
The details have been posted in the Code Red forum, but as we are missing the right panel widgets, you might not find that by navigating! Here’s the link