Be Prepared For a Crapload of Bricked Computers

[sapphirescales]

Great. Microsoft has the brilliant idea now that they should be forcing UEFI/BIOS updates through Windows Update. I've experienced this on numerous occasions, all with disastrous results. I just had a business class HP that I sold 2 years ago in here because the mouse wouldn't work. It took forever to figure out that an improper BIOS update pushed by Microsoft Update caused the issue (they pushed an update for a very similar model but it wasn't quite the right model). I flashed the BIOS and sent them out the door, only for them to return the next day with the same problem! Despite me trying to block that particular update, Microsoft forced it onto them again. I ended up just neutering Windows Update.

https://blogs.windows.com/buildingapps/2018/12/19/ introducing-project-mu/

I have another computer coming in tomorrow because it won't POST after doing a Windows update. I hope it's not another wrong BIOS update that caused it. Looks like I'm going to start neutering Windows Update again. Why can't Microsoft just leave sh*t alone and just issue security updates!?

 

[SAFCasper]

I'm 50/50 on this. I think pushing out BIOS updates automatically is a great idea. It always bugs me how BIOS updates are forgotten about because most users (and even techs) are scared of doing them. Some ancient myth that 1/10 will brick your motherboard! This leaves so many systems with open vulnerabilities and lacking performance/compatibility updates.

The reality is 99.9% of BIOS updates go through without a hitch so long as you install the correct version for your system.


Unfortunately, it sounds like Microsoft are up to their usual tricks of botching the process and not giving the user any control over disabling it.

So yeah.... good idea / bad implementation.

 

[Diggs]

I think pushing out BIOS updates automatically is a great idea.

..and I think it's a crappy idea. This is the BIOS. If something goes wrong it's not like the customer can put their recovery disk in and go again. It usually ends badly when a BIOS mistake is made and there are very few reasons to upgrade a good working BIOS.

 

[Your PCMD]

leveraged by Microsoft products including both Surface and the latest releases of Hyper-V

Project Mu is an active project. This is not a side project, mirror, clone, or example. This is the same code used today on many of Microsoft's 1st party devices and it will be kept current because it must be to continue to enable shipping products.
​

Nowhere in the article did it say for devices other than Microsoft's own. However lets assume you are correct, this feature should be able to be deactivated. I suppose the best thing moving forward is to educate your customer base about this feature, or Firmware as a Service (FaaS).

 

[YeOldeStonecat]

It always bugs me how BIOS updates are forgotten about because most users (and even techs) are scared of doing them. Some ancient myth that 1/10 will brick your motherboard! This leaves so many systems with open vulnerabilities and lacking performance/compatibility updates.

The reality is 99.9% of BIOS updates go through without a hitch so long as you install the correct version for your system.

Agreed...above 99.9% even. We always....always do BIOS updates whenever servicing computers. It's part of the normal tuneup process, and no new computer gets unbuckled and delivered without it, as well as servers on regular maintenance.

BIOS updates not only can fix prior bugs, but can increase compatibility with future things such as new hardware, or installing a new SSD, or future driver or even Windows updates.

I've been doing this IT game for >25 years, we ourselves have over 200 active business clients, we're in charge of over 3,000 end devices...the amount of BIOS upgrade/flashes I've done are....easily deep into the thousands probably with 2x digits in front of the comma (over 10,000)

...and I've had 1x BIOS flash go bad. It was on my own rig, a custom gaming PC with an Asus motherboard that I was flashing with a tweaked customized 3rd party (as in NONE factory by Asus) firmware. Certainly a very high risk case.

 

[Markverhyden]

Over blown. As mentioned this applies to M$ products. Besides, look at the logistics of this. The actual BIOS, whether it's legacy or UEFI, is created by the chip manufacturers and the motherboard/OEM. Each OEM used a different app to update these things. And UEFI, given the very high level of security, it doubtful that OEM's are just going to hand over the keys to the kingdom.

Now, might there be a rash of bricked surfaces? Entirely possible.

 

[trevm999]

I was curious if saphire misdiagnosed, but there are other reports of similar HP updates coming from Windows Update https://amp-reddit-com.cdn.ampproje...ws_update/?usqp=mq331AQGCAEoAVgB&amp_js_v=0.1

 

[Markverhyden]

I was curious if saphire misdiagnosed, but there are other reports of similar HP updates coming from Windows Update https://amp-reddit-com.cdn.ampproje...ws_update/?usqp=mq331AQGCAEoAVgB&amp_js_v=0.1

That article points to updates to Intel microcode. I've seen a few instances where customers said that their BIOS was "magically" updated. Turns out they were OEM machines with the OEM update utility turned on to auto update.

 

[ComputerRepairTech]

I think pushing out BIOS updates automatically is a great idea.

I disagree, we are talking about automatic bios updates without informing the customer? What if they think windows update has stalled and tries to restart the machine with the reset button? How long are they waiting on these bios updates before pushing these automatic updates? Not every bios update is without flaws, we don't encounter them often because they are usually resolved before we manually download them.

 

[nlinecomputers]

You can blame Spector for the need to do this. It is too big a hole for Microsoft to ignore.

 

[hjelpio]

Until someone figures out how to perform a rogue BIOS update........

 

[timeshifter]

Had this happen on a Dell XPS 13 about a year ago. As I recall a Windows Update made the machine unbootable. Dell support thought the machine was broken and wanted me to send it in for repair. I posted about it here. Somehow I was able to bring it back to life but don't recall all the details. But what I do recall was that something in the firmware / BIOS was messed up.

 

[fencepost]

Thinking about this, I'm not sure that the thought of professionally-developed community-reviewed UEFI firmware code is such a bad thing. I've heard some horror stories about what's out there right now in terms of code, so this might actually be an improvement.

 

[sapphirescales]

The problem with BIOS updates isn't that they aren't needed. The problem with BIOS updates is that they can cause PERMANENT damage to a computer! The worst a regular Windows update can do is screw up the OS. A failed BIOS update and destroy the motherboard. How do you think people are going to feel when I tell them that Microsoft ruined their computer's motherboard because they wanted to make their computer more "secure?" In a computer illiterate person's mind, it was working just fine before and now it's ruined. That's all they're going to think. I smell serious lawsuits in the winds.

 

[hjelpio]

Microsoft's recent track record when it comes to updates isn't exactly spotless. Neither is Apple's. Or Intel or AMD.

And, in my uneducated opinion: Adding a convenient way for Microsoft to update the BIOS means people will find a way to get access to that. We've seen software providers' updates/servers get hijacked. Like CCleaner. Rootkit at BIOS level would be all sorts of glorious.

And updating firmware/BIOS during bad weather or the slightest chance of a power outage? *shudders*

That isn't to say that updating a BIOS isn't necessary though. But if something goes wrong in the process then things are going to turn ugly quite fast. Most computers don't have dual BIOSes after all.

Also. Sometimes Windows updates appears "stuck" and people restart their computers. Now imagine them doing that during a BIOS update that absolutely shouldn't be interrupted.

 

[TAPtech]

Both Lenovo and Dell make nice, scriptable, massively deployable tools to update the BIOS of your fleet when you want to. I've been scripting this in NCentral lately and it's been great. They both also make tools to update BIOS only settings like WOL and power alarms. Good stuff!

 

[PcTek9]

I could post something useful if i wasn't laughing so hard. I wonder how this will play with things like computrace, and other such software at the bios level. Some bios seems to have associated information stored in the escd, so what happens if any of that gets erased an is needed? I'm sure my worry is needless, after all, it's MicroSoft. heheheeh.

 

[Cambridge PC Support]

It could be that the battery was getting low so that the CMOS settings got corrupted, one of them being the BIOS password flag. I doubt it, but it's not impossible.

 

[Galdorf]

Not only is it bricking computers but surface tablets as well i have seen this last 3 months the surface tablets were working perfect before the update then BAM nothing press power button nothing happens.

 

[johnrobert]

All I know is I get 50% of my income from M$ updates