As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs.
While not all vendors have patches available for vulnerable products right away, most have promised updates in the following months.
These BIOS/UEFI updates are part of a one-two punch to address the Meltdown and Spectre flaws that came to light at the start of the year.
Software patches at the operating system level have largely mitigated the Meltdown flaw, but both Microsoft and the Linux community said a firmware fix would be necessary to fully address the Spectre vulnerability.
Bleeping Computer users can use the links below to visit the download centers of their respective OEM provider and download BIOS/UEFI updates if their desktop, laptop, or notebook is using a vulnerable CPU and is listed as affected.
We'll try to keep the list up to date as much as possible. If your OEM vendor is not listed, or the download link goes 404 or is updated, don't hesitate to leave us a comment and we'll update the story as soon as possible.
Acer | Acer only lists vulnerable desktop, notebook, and server products. Says it will release firmware updates for server products in March. No timeline for desktop and notebook products. |
ASRock | The ASRock site is a mess. There's no central security advisory, and users will have to visit the "Latest BIOS Update" page and sift through the updates by hand. The good news is that there are a lot of recent BIOS releases containing Intel microcode updates dated after the Meltdown and Spectre disclosure. |
ASUS | ASUS says it will release BIOS updates for affected products by the end of January. |
Dell | BIOS updates are available for some Dell desktop, notebook, and server products. The Dell security advisory contains several other links to various products types. You can use this page as the central hub to search for what you need. |
Fujitsu | BIOS updates are available for some products, but not all. The security advisory contains multiple links to various product types. |
Gigabyte | Motherboard provider Gigabyte has released BIOS updates. Users will have to access the advisory, click on the motherboard series name in the list of affected table, and check for a recent BIOS update on each motherboard product's page. |
HP | BIOS updates are available for almost half of the HP products listed as vulnerable. |
Huawei | Huawei has only listed vulnerable products. Says an "investigation is still ongoing." |
Intel | Intel has released updates for most NUC, Compute Stick, and Compute Card products. |
Lenovo | Lenovo has the best advisory yet, with detailed tables for all affected products, including download links and upcoming BIOS download availability for each one. |
LG | There is no security advisory for the Meltdown and Spectre flaws. If readers spot one, please let us know in the comments. |
Panasonic | Panasonic said it aims to release BIOS updates for vulnerable PC models starting the end of the month and continuing through February and March. |
Microsoft | Microsoft has released UEFI updates for Surface products. |
MSI | MSI has released BIOS updates. |
Toshiba | Toshiba has not released any BIOS/UEFI updates just yet. The company lists affected products and an approximate timeline when it hopes to have updates available. |
Vaio | Some BIOS updates are available. More to follow. |
Comments
Exnor - 6 years ago
Thank you.
Amigo-A - 6 years ago
To speed up the installation of updates among users, need to release high-quality updates that INCREASE productivity of CPU and OS.
And will release an updates that reduce the performance - this any fool can make. :)
NickAu - 6 years ago
I cant see this working out. I can see a lot of unpatched and bricked machines.
1. The vast majority of PC users do not have a clue that Meltdown and Specter even exist, I have spoken to literally dozens of people whos reply was " huh whats that "
2. Of the ones that have heard about it none know what bios/uefi is let alone how to update it.
Remember we are dealing with average mom's and dads, that click on links open email attachments and generally have no idea about PC security.
pccobbler - 6 years ago
Intel has not released BIOS updates for its own motherboards, except for NUCs, Compute Sticks, and Compute Cards, because they are no longer supported. Intel is moving in the other direction, deleting content for motherboards from its website.
NickAu - 6 years ago
The fact that they are no longer supporting stuff is their problem not mine, I want my PC patched if not I will join a class action against them.
cat1092 - 6 years ago
I see that Samsung isn't on the list, no longer in the Windows computer business, may be best, us already devastated owners don't need more trouble, the UEFI code is rather fragile.
Being that Toshiba has exited the computing business after many years, the early ones good, they have no incentive to return & release new firmware updates for affected computers, many of which are long out of warranty. Therefore, am not looking for any intervention on their part.
Am very surprised and shocked that Dell doesn't have the XPS 8700 PC on their list, a model that with Haswell, had a great run of over 2 years (mid-2013-late-2015). Could be considered their best success (in sales) since the turn of the Millennium. That's why I find it to be very odd the model isn't on the list, many older & newer models are included.
They (Dell) also doesn't go back far enough, there's tens of millions of former corporate/business computers sold on eBay, in great shape, the Optiplex 780 being one popular model. Most of which shipped with Windows 7 Pro, now many are also running W10 & various Linux distros, these machines needs to be patched also.