14 DAY TRIAL // Dell is the latest company to join the Meltdown and Spectre update fiasco, as it rolled out an advisory for its customers to recommend against installing the latest security patches that address the Spectre variant 2 vulnerability.
In a tech document published on its website, Dell EMC explains that users who haven’t yet installed the latest BIOS updates are recommended to delay deployment, while those who already did it should try rolling back to the previous version.
Dell says the problem resides in the security updates shipped by Intel and included in its own firmware updates, which could cause reboot issues and system freezes. The company has already pulled the affected BIOS updates, as it’s working on new versions to address the problems.
“Intel has communicated new guidance regarding ‘reboot issues and unpredictable system behavior’ with the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715. Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel,” Dell says.
Operating system patches working as expected
The Spectre (Variant 1) and Meltdown (Variant 3) updates are not affected by the said bugs, Dell says, and users are recommended to install the operating system patches as soon as possible.
In the meantime, the firm advises users to apply the typical security practices, like staying away from sites and content coming from unknown and untrusted sources.
“Dell EMC recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied. These practices include promptly adopting software updates, avoiding unrecognized hyperlinks and websites, and following secure password protocols,” the firm says.
The full list of devices whose performance could be impacted, the affected BIOS version, and the previous BIOS version that customers should downgrade to is available in this Dell knowledge base article.