Lenovo BIOS Update

RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Lenovo BIOS Update

Post by RonH »

Is there any good reason (security, for example) to update to this BIOS, which addresses a lot of 'CVE's':

Version 8TCN54WW BIOS Notification:
1. Fixed
Enhancement to address CVE-2019-12532.
Enhancement to address CVE-2019-6171.
Enhancement to address CVE-2019-0123; Enhancement to address CVE-2019-0117; Enhancement to address CVE-2019-0185; Enhancement to address CVE-2019-11135; Enhancement to address CVE-2019-0154
Enhancement to address CVE-2019-0131; Enhancement to address CVE-2019-0165; Enhancement to address CVE-2019-0166; Enhancement to address CVE-2019-0168; Enhancement to address CVE-2019-0169; Enhancement to address CVE-2019-11086; Enhancement to address CVE-2019-11087; Enhancement to address CVE-2019-11088; Enhancement to address CVE-2019-11090; Enhancement to address CVE-2019-11097; Enhancement to address CVE-2019-11100; Enhancement to address CVE-2019-11101; Enhancement to address CVE-2019-11102; Enhancement to address CVE-2019-11103; Enhancement to address CVE-2019-11104; Enhancement to address CVE-2019-11105; Enhancement to address CVE-2019-11106; Enhancement to address CVE-2019-11107; Enhancement to address CVE-2019-11108; Enhancement to address CVE-2019-11109; Enhancement to address CVE-2019-11110; Enhancement to address CVE-2019-11131; Enhancement to address CVE-2019-11132; Enhancement to address CVE-2019-11147.
Update RST Firmware version to 17.5.0.1017

There are a number of reports suggesting BIOS update problems and I have no idea how one can revert to an earlier version if necessary. I have also read 'Don't update unless you have obvious problems'.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

HansV
Administrator
Posts: 78235
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Lenovo BIOS Update

Post by HansV »

I agree with "Don't update unless you have obvious problems". I'd leave it as it is unless your laptop is experiencing problems.
Best wishes,
Hans

RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Lenovo BIOS Update

Post by RonH »

HansV wrote: I agree with "Don't update unless you have obvious problems". I'd leave it as it is unless your laptop is experiencing problems.
:cheers:
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Lenovo BIOS Update

Post by StuartR »

CVE stands for "Common Vulnerabilities and Exposures". Each of those CVEs represents a security vulnerability that could potentially be used against you.

You could search for each CVE and analyse how likely it is to be exploited in your environment, then you could make a judgement call about the balance of risk. Is it more risky to patch the vulnerabilities, or leave them there for people to exploit?

Alternatively you could just install the updates, on the grounds that you don't want to be hacked.
StuartR
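The first step described in the post above, turning the release note into a list of CVEs to look up one by one, as an added example that is not part of any post in this thread. The NVD URL pattern as the lookup source, the function names, and the shortened excerpt (with one constructed duplicate) are assumptions of this example.

```python
import re

# Shortened excerpt of the release note quoted in the thread; the last
# line is constructed to show de-duplication and case handling.
RELEASE_NOTE = """
Enhancement to address CVE-2019-12532.
Enhancement to address CVE-2019-6171.
Enhancement to address CVE-2019-0123; Enhancement to address CVE-2019-0117
Enhancement to address CVE-2019-11086; Enhancement to address CVE-2019-11087;
Enhancement to address CVE-2019-11088; Enhancement to address CVE-2019-11090;
Enhancement to address cve-2019-6171.
"""

CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)
NVD_URL = "https://nvd.nist.gov/vuln/detail/{}"  # assumption: NVD as lookup source


def extract_cves(text):
    """Return unique (year, sequence) pairs, sorted numerically."""
    return sorted({(int(y), int(n)) for y, n in CVE_RE.findall(text)})


def cve_id(key):
    """Format a (year, sequence) pair as a canonical CVE ID (min. 4 digits)."""
    year, seq = key
    return f"CVE-{year}-{seq:04d}"


def collapse_runs(keys):
    """Group consecutive sequence numbers so the list is easier to work through."""
    runs = []
    for key in keys:
        if runs and runs[-1][-1] == (key[0], key[1] - 1):
            runs[-1].append(key)
        else:
            runs.append([key])
    return runs


def worklist(text):
    """One (CVE ID, lookup URL) row per unique CVE in the release note."""
    return [(cve_id(k), NVD_URL.format(cve_id(k))) for k in extract_cves(text)]


if __name__ == "__main__":
    for run in collapse_runs(extract_cves(RELEASE_NOTE)):
        print(cve_id(run[0]) if len(run) == 1 else f"{cve_id(run[0])} .. {cve_id(run[-1])}")
    for cid, url in worklist(RELEASE_NOTE):
        print(cid, url)
```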


Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Lenovo BIOS Update

Post by Argus »

A very quick search didn't find plenty of posts about problems, but I notice that you've posted the question in Lenovo's forums, :smile: and that some there mention problems finding disk drives(!).

From a general point of view I agree with Stuart. We don't see BIOS updates very often, and when we do, they usually address some hardware issues, or add compatibility with new hardware. In these cases it is often quite easy to decide; for example, let's say that you know you are not going to upgrade to a more recent CPU, and if that's all that has changed, there's not much use updating the BIOS. In my experience over time it has not been as common to see fixes for vulnerabilities, but when they do exist, it is usually a very good idea to install them. That said, it seems you have done your research, and they seem to be notified about some problems, so it's probably a good idea to wait some time (and perhaps read a bit about BIOS rollback or similar. :smile:).
Byelingual    When you speak two languages but start losing vocabulary in both of them.

RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Lenovo BIOS Update

Post by RonH »

Thanks gentlemen for your advice.
Yes, I have asked the question in Lenovo forum and some do have issues so I plan to 'sit tight' just now, hoping for a satisfactory answer from Lenovo ... not holding my breath. I would not normally double post but in this case it was worth the effort.

I thought that CVE's were something that Microsoft took care of in their security updates. Obviously I am wrong and will try to understand these particular ones. Regarding rolling back to an earlier BIOS ... in case of errors ... this does seem to be a complex procedure, if indeed one can access the system to roll back. However, if I have a prior Macrium saved, can this be used to roll back to an earlier BIOS?
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

HansV
Administrator
Posts: 78235
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Lenovo BIOS Update

Post by HansV »

I don't think a Macrium backup will affect the BIOS, it just backs up the contents of your hard disk.
Best wishes,
Hans

Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Lenovo BIOS Update

Post by Argus »

No, no disk image can be used to restore BIOS.

I wouldn't say it's a complex process in general, but then we have laptops etc. ... My comment was just meant to encourage reading a bit about BIOS updates. If looking at desktop motherboards we now see all kinds of features, using USB, updates without CPU or RAM installed etc. Yes, there can in some cases be some problems as a result of a downgrade or rollback, there can be limits on going too far back etc. There can be settings in BIOS that, if enabled, prevent a rollback, such as Secure Rollback Prevention.

https://cve.mitre.org
Byelingual    When you speak two languages but start losing vocabulary in both of them.

StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Lenovo BIOS Update

Post by StuartR »

RonH wrote:I thought that CVE's were something that Microsoft took care of in their security updates
CVEs are just a way of categorising security vulnerabilities. All vendors assign CVE numbers to the security issues they report.
StuartR


RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Lenovo BIOS Update

Post by RonH »

Thanks for clarifications. I assumed that BIOS was on the HD ... good to learn something new each day. :thankyou:
Will stay in a holding pattern pending Lenovo advice, OK
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

HansV
Administrator
Posts: 78235
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Lenovo BIOS Update

Post by HansV »

The BIOS is a memory chip (or set of chips) on the computer's motherboard.
See BIOS on Wikipedia.
Best wishes,
Hans

RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Lenovo BIOS Update

Post by RonH »

HansV wrote:The BIOS is a memory chip (or set of chips) on the computer's motherboard.
See BIOS on Wikipedia.
Thanks Hans ... impossible to work out what all these CVE's mean without a lot of study. I will visit my Lenovo thread over the next days to see if more users report problems.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.