How to find and install BIOS updates on your computer - gHacks Tech News

How to find and install BIOS updates on your computer

The recently discovered Spectre and Meltdown vulnerabilities can only be patched fully with BIOS updates. Depending on your system, you may have installed the operating system, web browser and other software updates already to reduce the attack vector of potential attacks targeting the vulnerabilities.

It is necessary however to update the BIOS as well. While BIOS updating improved over the past decade, it is usually not as easy as using an automatic update system to install updates.

Here is the rough outline if steps when it comes to BIOS updates.

  1. Identify the manufacturer and model of the motherboard and BIOS.
  2. Search the manufacturer's website for BIOS files.
  3. Find out how the installation process works and install the update.

Identify the maker and model of the motherboard

identify motherboard

You have a couple of options to identify the motherboard. You can check out the motherboard ID in the BIOS (usually), by opening the PC and looking on the motherboard directly, or by using a software program like Speccy.

Note: Speccy does a good job usually but if you want to be 100% certain, open the case and locate the motherboard ID on the motherboard.

Download the portable version of Speccy and run it after download and extraction. A 32-bit and 64-bit are provided, and motherboard information is displayed on the start screen of the application directly.

The screenshot above shows the name of the motherboard (MSI Z170a Gaming Pro Carbon) and the ID (MS-7a12). It is the ID that you need when you search for BIOS updates.

Search the manufacturer's website for BIOS files

download bios update

Now that you know the ID you use it to find out whether BIOS updates are available. Either visit the manufacturer's website directly or use search terms such as ID BIOS update to find specific support and download pages directly.

You end up on a page like this. The MSI support page serves as an example for the remaining procedure. Check the release date of the latest BIOS release. MSI has not released an updated BIOS, yet that addresses the vulnerabilities.

The BIOS update is available for other Z170A motherboards already, however, for instance, the Z170A MPower Gaming Titanium. But, you cannot use those.

Download the latest BIOS file to your local system. If an update is not available yet, bookmark the page and return to it regularly to download it once it is released.

Tip: use the BIOS updates listing over at Bleeping Computer for easier access to BIOS updates for many major manufacturers.

Find out how the installation process works and install the update

The next step depends largely on the manufacturer. MSI uses a system called M-Flash that is part of the BIOS. Instructions on updating the BIOS are usually provided on the support page or as a text document that is included in the BIOS download.

The MSI support page links to a PDF document with detailed installation instructions and a video on YouTube.

  1. Extract the downloaded archive and copy the files to a USB Flash Drive.
  2. MSI users need to boot into BIOS. How that is done is listed at the start of the system. For MSI motherboards, it is the Delete-key that you need to press to enter the BIOS usually. Monitor the screen to find out the right key for your system.
  3. Select M-Flash when you are in the BIOS.
  4. Pick "Select one file to update BIOS and ME."
  5. Select the USB storage that you copied the BIOS files to.
  6. Select the BIOS file that you want to be installed (there should be only one).
  7. Wait for the process to complete. Don't remove the USB Flash drive or power off the system while the upgrade is in progress.
  8. The machine is reset automatically.
  9. Enter BIOS again and check the BIOS version to verify that the update was applied correctly.

You may also Flash by booting into DOS and installing the BIOS file from there. This depends on whether the necessary DOS executable files are supplied with the BIOS file or available elsewhere on the manufacturer's website.

The process may be different if your machine's motherboard is from a different manufacturer or uses a different BIOS type.

Now You: Have you updated your machine's BIOS already?

Summary
How to find and install BIOS updates on your computer
Article Name
How to find and install BIOS updates on your computer
Description
The recently discovered Spectre and Meltdown vulnerabilities can only be patched fully with BIOS updates. Find out how to identify if updates are available and how to install these updates.
Author
Publisher
Ghacks Technology News
Logo




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. AnorKnee Merce said on January 18, 2018 at 1:36 pm
      Reply

      BIOS firmware updates for CPUs apply to Windows and MacOS, while Linux may use microcode software updates.
      … If the BIOS firmware for your computer’s CPU has been updated, you do not need to apply the Linux microcode software update.

      Wrt Meltdown & Spectre, the BIOS firmware and microcode software updates for CPUs are to patch Spectre 2(= CVE-2017-5715), for both 32bit and 64bit systems.

      Wrt the Spectre 2 vulnerability, Intel has announced that they are beginning to only patch CPUs that are not more than 5 years old, ie 3rd-gen Ivy Town(= Xeon) and 4th-gen Haswell or newer.
      … Patches for 3rd-gen Ivy Bridge will be released by Intel later.

      Meltdown is patched by the OS.

      Spectre 1 is patched by the OS or apps/programs, eg browsers.

      Spectre 2 is patched by the OS and CPU.

      On 4 Jan 2018, M$ have issued Windows patches for Meltdown, Spectre 1 and Spectre 2. But M$’s Meltdown patch does not yet cover 32bit Windows.
      … As of today, Ubuntu have only issued the 64bit patch for Meltdown. Most browsers have been patched for Spectre 1.

      How to install BIOS firmware updates for non-MSI computers.?

      1. dark said on January 18, 2018 at 6:14 pm
        Reply

        Good to know that with Linux, bios updates is pretty much optional.

    2. herman said on January 18, 2018 at 1:53 pm
      Reply

      When you use BitLocker on your hard drives don’t forget to turn if OFF before you are going to flash a new BIOS.
      I am not 100% sure but it may be wise to disable a TPM chip too (when present on your motherboard).

    3. herman said on January 18, 2018 at 2:01 pm
      Reply

      When you use BitLocker on your hard drive(s) please don’t forget to switch it OFF before flashing new BIOS firmware.
      I am not 100% sure but it may be wise to disable the TPM chip on the motherboard too prior to flashing.

    4. Mark Hazard said on January 18, 2018 at 2:48 pm
      Reply

      Thanks for this Martin. I wondered how to update my BIOS. My problem is that my motherboard was made by Samsung, and they no longer make computers. They don’t have a computer support site that I can find, so I am stuck. My computer is 5 years old, but I would rather keep it a couple of more years.

      1. Martin Brinkmann said on January 18, 2018 at 3:07 pm
        Reply

        Yes, that is a big problem. There is little that you can do about it unfortunately then.

        1. Sophie said on January 18, 2018 at 3:35 pm
          Reply

          Very helpful, but worth noting that every system is going to have variances and differences….and that a procedure like this is way way above what most people would be likely to do, understand or carry out properly. Even those who are familiar with such things (I’ve not done this since DOS boot-floppy days!) will likely have a racing heart of anxiety! I know I would, and I consider myself reasonably good with such things.

          Also consider that for the vast majority of users, they don’t look up articles, read stuff, etc….and the most they may have heard about these vulnerabilities was a news-flash a couple of weeks ago, that then faded, that they then forgot about.

          What I think we are looking at therefore…..is that the vast majority of PC users around the world will be able to do very little about this, and only as new hardware is produced and sold in the form of a new device or PC, will the issue very slowly get resolved.

        2. Sophie said on January 18, 2018 at 3:41 pm
          Reply

          Also Martin, does not UEFI and secure-boot and all that sort of thing only serve to make matters just a little more difficult?

          I can’t imagine it makes it any easier.

    5. Maou said on January 18, 2018 at 4:08 pm
      Reply

      It’s a big problem for old hardware, most of then will never receive BIOS updates, so Intel may sell more in the end or AMD, for those people wanting more security.

      I’ll wait for the dust to settle, before thinking of getting rid of my too laptops with Intel cpus.
      But one thing is certain, my next laptops and desktops will be all AMD.

    6. Gerard said on January 18, 2018 at 4:32 pm
      Reply

      Updates from Asus, and numerours other suppliers, apply only to more recent mainboards and chipsets. Users with older, but still perfectly working hardware, are left in the cold. As is usual with greedy corporations who are more interested in selling new products than in providing decent long-term service and showing respect for customers.

    7. Tom Hawack said on January 18, 2018 at 4:52 pm
      Reply

      Who will be the happy few to update their BIOS?
      All this chaos because chip manufacturers have always privileged speed to security, now we face the core of computing devices, that of the OS with the Kernel, that of the computer with its BIOS, after having to deal with ads, trackers, malware, great inventions as well but always grabbed by the ad industry to make them privacy/security destructive weapons.
      I’m fed up. I’ll keep the PC running until it gets invaded then it’ll be bye bye computers, bye bye smartphones, bye bye tablets. Computers,the digital world is becoming in my regard more a source of stress than a tool of comfort.
      This whole damn urban planet is nuts, even TV, radios, medias, always the same craps repeated, copied, imitated. On the road to a world of consuming robots.
      I’ve really had it. There’s another world, made of true non-virtual friends, music by instruments which require no power, books of paper, food of gardens free of industrial poisons… I wonder if I’m not becoming aware only now of this planet’s madness.

      1. Sophie said on January 18, 2018 at 5:06 pm
        Reply

        @Tom – wow! I really get your thoughts on this………especially the very last part….[There’s another world…..+]

        I second this, even though I love tech….. a world that pares back to basics, essentials, life, friends, family and love……..HEART.

        A world that has no Ad-Tech, no Facepoop, and big corporations are brought under control.

        A world with no Twitter……….and no orange-haired man to Tweet.

        Ahhh…………now where was I, let me get back to my PC!!!! :)

        1. Tom Hawack said on January 18, 2018 at 7:00 pm
          Reply

          @Sophie, I don’t know if I love tech as you do, but I do like it as long as it serves and far less when the user serves it. The time required for “maintenance” is too considerable. I cannot leave a device off, move out of the urban area to rediscover nature and reality, taste that ‘tapenade” you mentioned from your souvenirs of France, forget a world as Chet Baker would sing it in “Let’s Get Lost” and come back from that journey to paradise without discovering a device lost as well because a digital week is worth a real-life year, everyday its lot of updates, alarms, the latest cyber threat and so on. It’s not a matter of heart, love, more in my perspective a matter one’s philosophy in and of life.
          Years go by. More we have behind more we compare and also more we start thinking of what we’ll do a third tiers or fourth quarter. The amount of Web-related, computer-initiated trouble may very well make me consider that fraction as a farewell to a non-life, that of an increasing domination of what I consider as mad, to a true life which would cut the bridges, totally, with anything to do with power, inflation, production, more and more and more quantity, less and less quality, speed, competition, efficiency… to rediscover the tempo of nature and life.
          That’s all. This being said, I guess the article, which is worthy as always, just triggered not a nervous but rather of I may say philosophical breakdown.
          It isn’t the place and as I too often allow myself, I’ve slipped towards a personal complaint, totally off-topic. Being at this point out of the subject is exceptional. I won(t make it a habit, at least not to that point of digression. I guess I just had to write it. Friends would have knocked at the door just before that I would have avoided this, most likely.
          Anyway, life goes on. That’s where I get thinking of the heart you mentioned, which exists everywhere.

        2. Sophie said on January 18, 2018 at 9:22 pm
          Reply

          @Tom — I read this very carefully, and three times too….

          Your words…..”to rediscover the temp of nature and life” quite possibly stand out the most.

          There really is heart in everything, in fact….we, as a family, have a saying….though I do believe it was quote by another, not us:

          Does this path have a heart? [is there true meaning to that direction]

          Well………if it does, take it, and life can speed past at its relentless pace, and not necessarily always carry us with it.

          Thanks for remembering the tapenade.

      2. Fedup said on January 18, 2018 at 5:19 pm
        Reply

        I agree. Right on.

      3. John in Mtl said on January 18, 2018 at 7:20 pm
        Reply

        I second all of that!
        And yes, the techno-industrial world really is going off its rails. But have no fear… “they’ll think of something” LOL NOT !

        I spent my life in tech and have been retired for a whole year now. I’ve had a taste of a simpler life now and even tho I do keep abeast of tech news, I find that I yearn more and more for the simple and uncomplicated pleasures in life. Don’t need any tech or a battery for that!

    8. dark said on January 18, 2018 at 5:22 pm
      Reply

      Meltdown and Spectre cannot be patched fully even with bios updates, the only way is to replace CPU with unflawed CPU.

    9. Dave said on January 18, 2018 at 5:44 pm
      Reply

      MSI has been horrible in communicating with it’s cusomers about all this. They still don’t have a sticky about it in the forums and those forums are moderated only by users like us who are as much in the dark as we are with no interaction from any actual MSI employees.

      The only source of information for MSI is the https://www.msi.com/news/motherboard/ page or you can keep checking the page for your specific motherboard every day hoping one day to find a new bios to download.

      I have read in the forums that some people have been given access to a “beta” bios download by contacting support directly. One such user has the same MB as I which supports a dual bios feature. I haven’t pursued this route as I feel the words Beta and Bios should never be used together LOL

    10. Clairvaux said on January 18, 2018 at 6:26 pm
      Reply

      Before this happened, most experts advised against updating your motherboard BIOS, unless absolutely necessary. The chances to get it wrong and brick your PC are significant.

      Not to mention that there is not always a way to undo the change. I updated my BIOS several years ago with great anxiety. With my Asus motherboard, there’s no way to go back. At the time I did the upgrade, there was one version of the BIOS on Asus official website which was said by many users, on the forum, to be buggy. It was likely it would break your PC. Of course, it was the last version. You had to install the prior version.

      There were two or three different official tools available to do the upgrade. One of them was supposed to work under Windows (so, more convenient). However, all experts strongly advised at the time against upgrading under Windows : the risk of failure was too high. But Asus kept providing the tool, and said nothing about the risks.

      Now, the general public has heard about those vulnerabilities on TV, and they are supposed to upgrade their BIOS ? A move that used to be discouraged, even for power users ?

      1. dark said on January 18, 2018 at 6:34 pm
        Reply

        Motherboard manufacturers should replace Bios flash chip with Micro SD Card. Imagine burning Bios to spare Micro SD Card like burning ISO to USB and then turning off PC and replacing the Micro SD Card with another Micro SD Card that has updated Bios in it. This will make updating Bios tons easier and bricked motherboards will become history.

        1. John in Mtl said on January 18, 2018 at 7:24 pm
          Reply

          Many board manufacturers have incorporated a failsafe for years – it is much harder now to brick your BIOS than it was, say, 10 years ago and earlier.

    11. Clairvaux said on January 18, 2018 at 6:31 pm
      Reply

      *

    12. Kubrick said on January 18, 2018 at 6:55 pm
      Reply

      i am going to chance it and leave the bios alone.i did flash the bios once when i ran windows and it was an anxious experience and i was edging my bets if it would work but thankfully it worked out ok.
      i have no idea how to flash a bios when i use linux.
      From what i can gather this is a local access exploit at the moment and javascript control will help.
      i am currently using google chrome as my default browser with recommended security settings.

      although i do find it odd that after a decade or so this flaw has suddenly come to light now.It does make you wonder what other flaws are extant and whether its just intel who are effected.

    13. Oxa said on January 18, 2018 at 7:39 pm
      Reply

      Lenovo’s update system automates all of this.

    14. Tom said on January 18, 2018 at 9:29 pm
      Reply

      When was this discovered?
      I updated the Bios but it was from 2017.12.19

      Description
      – Improve NVME compatibility.
      – Update micro code.
      – Improve USB 2.0 device can not work properly after resume from S3 mode.
      – Improve memory compatibility.
      – Update Intel ME for security vulnerabilities

    15. Bobby Phoenix said on January 18, 2018 at 10:43 pm
      Reply

      Luckily for HP uses who have the HP Assistant they automatically notify you of a BIOS update, and if you accept it, they do all the work. I’ve had two updates since getting my computer in April 2017. All went smooth. I did update once manually on an old Dell years ago, and like others, I was worried something could easily go wrong. Thankfully it didn’t.

    16. A different Martin said on January 19, 2018 at 7:40 am
      Reply

      Well … I’m boned, and my dad is two-thirds boned. Lenovo isn’t going to issue an updated BIOS for my ThinkPad T510, and Dell isn’t going to issue updated BIOSes for his Latitude E6500 and E6510. All three are durably built business-class laptops in perfect working order, but apparently that doesn’t count for much in Lenovo’s and Dell’s end-of-life calculus. I believe my dad’s one-year-old ThinkPad X1 Yoga already got an updated UEFI; it passed the Meltdown/Spectre test, at any rate. A friend of mine is still waiting on updated UEFIs for a three-year-old ASRock motherboard and a two-year-old MSI motherboard, but at least there’s still some hope that they might be forthcoming. Is updating a BIOS or UEFI to guard against Spectre *really* that much work? Or is it more a question of “fortuitous obsolescence”?

    17. fae said on January 19, 2018 at 11:34 am
      Reply

      pfft.. my z170 pro gaming from asus still hasn’t shown the new bios. a few of the z170 asus boards have the new bios.. but not all. skylake isn’t that old.

    18. fae said on January 19, 2018 at 11:36 am
      Reply

      when was it discovered isn’t so relevant, as i don’t think any bios released before disclosure (just after new year) has the new microcode fix. and there’ll be even more microcode updates down the line (with some luck) to fix the fixes.

    19. awd said on January 19, 2018 at 11:39 am
      Reply

      where do you shove that sd card? wouldn’t that be a security nightmare in of itself?

    20. Rick A. said on January 19, 2018 at 3:15 pm
      Reply

      My Laptop was BIOS 1.07. So i checked the Laptop manufacturers website and BIOS 1.11 was available. i read the “Read Me” in the folder i downloaded and it said to run the BAT.File. So i clicked it and a window popped up with a bar that filled up to green. After it filled up the Laptop turned off, i turned it on and it said “Restarting”. After it restarted it launched normally and i was like “PHEWWW”, lol. i checked and the BIOS is 1.11. This Laptop was originally Windows 7 that played videos like crap because of bad Graphics Drivers that were never gonna get upgraded after AMD abandon the Graphics WAY to early. Since i upgraded it to Windows 10 i have never had any problems playing video, and since Firefox 57 i can play Video so much better. The only thing i can attribute this to is that i haven;t been able to run the AMD Catalyst Manager since upgrading to Windows 10. i guess that had something to do with my Video problems on Windows 7. if anybody knows please respond.

      Also, my new BIOS 1.11 is the newest version but still old from like 2010 i think and it will probably never get another update but i’ll keep checking once in a while in case Acer ever does release one for this Spectre / Meltdown BS.

      But if anyone can tell me this also, will there be any improvements with this new BIOS version? As in video improvements or anything? Even if i can notice it, by the naked eye so to speak?

      Thank You in advance !

    21. TelV said on January 21, 2018 at 11:45 am
      Reply

      Haha….the ‘latest’ BIOS update for my Acer machine is 2014/04/28

      Acer does however have software to detect hardware: https://global-download.acer.com/SupportFiles/Files/HWID/APP/HWVendorDetection.exe

      1. Rick A. said on January 21, 2018 at 8:45 pm
        Reply

        “Haha….the ‘latest’ BIOS update for my Acer machine is 2014/04/28” – lol, the Latest BIOS update available for my Acer Laptop is from 7/23/2010.

        it’s version 1.11. When i checked mine it was 1.07, so i went ahead and installed it. Luckily everything went fine.

        1. TelV said on January 22, 2018 at 10:49 pm
          Reply

          Yeah, mine is out of date too if you want to call it that, but I’m always wary about updating the BIOS if the machine is working optimally. To quote the old saying: “If it works, don’t fix it”.

    22. TelV said on January 21, 2018 at 11:52 am
      Reply

      Oh, forget about the so called Acer ‘detection software’ I just mentioned. I just ran it myself and all it does is tell you the name of the vendor for Bluetooth, LAN, VGA and Wireless LAN. Next to useless for identifying the MBD.

    23. chesscanoe said on January 23, 2018 at 4:22 pm
      Reply
      1. chesscanoe said on January 23, 2018 at 8:55 pm
        Reply

        Intel currently says in part “We recommend that OEMs, Cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions on the below platforms, as they may introduce higher than expected reboots and other unpredictable system behavior.”
        See this frequently updated site
        https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

    24. Joppe said on February 17, 2018 at 8:34 pm
      Reply

      Does anybody have this problem that the MSI’s site list of bios files won’t load? Is there an about:config edit I have done that may have impacted this? I’ve tried to allow everything in noscript and ublock.

      1. A different Martin said on February 18, 2018 at 11:02 am
        Reply

        When I run into pages or sites that just won’t load or work in Pale Moon, Firefox ESR, or Firefox Quantum, no matter what I try, I just swallow my aversion and load them in Google Chrome.

        1. Joppe said on February 18, 2018 at 1:41 pm
          Reply

          Thanks, ended up doing that.

    Leave a Reply