Feb 14

Spectre and Meltdown – Revert back to a previous BIOS version (Dell)

Hi. Regarding the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715: Dell is advising all customers not to deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. They have removed the impacted BIOS updates from their support pages and are working with Intel on a new BIOS update that will include new microcode from Intel. If you have already deployed the BIOS update, you can revert (downgrade) to a previous BIOS version in order to avoid unpredictable system behavior (tables of BIOS updates for Dell PowerEdge Server Products). The BIOS can be updated using the iDRAC…

Basically, yesterday I checked the version on a PowerEdge R440 Gen14 server during an infrastructure project. The BIOS version was 1.2.71… It had just come out of the factory and may have been installed during the recall by Dell at the end of January. As a reminder, the Operating System patches are not impacted and still provide mitigation for Spectre (Variant 1) and Meltdown (Variant 3). The microcode update is only required for Spectre (Variant 2), CVE-2017-5715. You can check the table below, and if you are affected by the impacted BIOS updates, you can follow the step-by-step guide further down in this article to revert to a previous version:

Cause:

In order to avoid unpredictable system behavior, you can revert back to a previous BIOS version.

Revert back to a previous BIOS version (downgrade):

First, open your browser and access your iDRAC console via its IP address. In case you don’t know them, the default login details for a Dell iDRAC card are generally “root” with a password of “calvin”; modern versions of iDRAC require you to change the default login details when setting it up. Note: The latest “Generation 14” servers have a new HTML5 graphical interface (iDRAC 9).

Next, click on the “Maintenance” menu, then “System Update” and “Manual update”. Then click on the “Browse…” button and select the .EXE file corresponding to the target BIOS version (for example: BIOS_DT5JM_WN64_1.2.11 for v1.2.11).

Important: You can find the driver corresponding to the recommended BIOS version by using the Service Tag of the server on the Dell Support (Drivers and Downloads) website. You can download BIOS version 1.2.11 (February 2018) here: Server PowerEdge R440 R540 and T440 and Server PowerEdge R740 R740xd R640 R940 7920R.

Click on the “Upload” and “Install Next Reboot” buttons.

The new driver stays staged in the background until the next reboot of your server. You can then reboot it and the BIOS update will be processed automatically. This can take a few minutes. Important: Don’t power down the server!

Finally, you can check the new BIOS version from the iDRAC interface.
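To run the same check across several servers rather than one iDRAC page at a time, here is an added example (not from the original article or from Dell) that classifies each server's reported BIOS version against the 1.2.11 target used above. It assumes each iDRAC's Redfish system resource has already been fetched as JSON with the standard `Model` and `BiosVersion` properties; the hostnames and sample responses are constructed.

```python
import json

# Rollback target and model list as given in the article for the 1.2.11 download.
TARGET_BIOS = "1.2.11"
MODELS_IN_SCOPE = {"R440", "R540", "T440", "R740", "R740xd", "R640", "R940", "7920R"}


def parse_version(text):
    """Turn '1.2.71' into (1, 2, 71); plain string comparison would sort 1.2.9 after 1.2.11."""
    return tuple(int(part) for part in text.strip().split("."))


def classify(system_doc, target=TARGET_BIOS):
    """Return 'at-target', 'newer', 'older', 'unknown' or 'out-of-scope' for one server."""
    model = (system_doc.get("Model") or "").replace("PowerEdge", "").strip()
    if model not in MODELS_IN_SCOPE:
        return "out-of-scope"
    try:
        current = parse_version(system_doc.get("BiosVersion"))
    except (AttributeError, ValueError):
        return "unknown"  # field missing, null, or not dotted integers
    wanted = parse_version(target)
    if current == wanted:
        return "at-target"
    return "newer" if current > wanted else "older"


def audit(responses):
    """Map host -> classification from raw JSON response bodies."""
    return {host: classify(json.loads(body)) for host, body in responses.items()}


# Constructed sample responses (hypothetical hosts and values), trimmed to the two fields used.
SAMPLE = {
    "idrac-a.example": '{"Model": "PowerEdge R440", "BiosVersion": "1.2.71"}',
    "idrac-b.example": '{"Model": "PowerEdge R740xd", "BiosVersion": "1.2.11"}',
    "idrac-c.example": '{"Model": "PowerEdge R640", "BiosVersion": "1.2.9"}',
    "idrac-d.example": '{"Model": "PowerEdge R540", "BiosVersion": null}',
    "idrac-e.example": '{"Model": "PowerEdge R730", "BiosVersion": "2.7.1"}',
}

if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE).items()):
        print(f"{host:18} {state}")
```

Servers reported as "newer" are the ones to compare against Dell's table of impacted BIOS updates before scheduling the rollback.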

For more information regarding these vulnerabilities please visit security advisories posted by Intel, AMD, Microsoft and VMware.

 
