10-14-2016 01:15 PM
The Lenovo System Update utility wants me to apply two updates which it flags as critical. One of these is a BIOS update to version 2.65. Oddly, the Drivers & Software page here lists different updates as "Critical". For example, it only offers me BIOS version 2.64. Since no one ever responded to my earlier question about a BIOS update, I am still using (legacy) BIOS version 2.52 and running Windows 8.1. The information I have found about the offered BIOS update to version 2.6x refers only to UEFI BIOS. Since I am using legacy BIOS, can I safely ignore it?
System Update also offers me a "critical" Power Management driver (which is also not listed as critical for my X230T on the support page), but in the details it says that it may not be needed. How critical is that?
Is the general philosophy of "never touch a running system" espoused by Lenovo telephone support justified, or should I be more aggressive in applying updates?
Solved! Go to Solution.
10-14-2016 05:17 PM - edited 10-15-2016 04:50 AM
What is the model type of your X230t?, ie 20F6?
I find a typo error on the support page for a X230T bios...
The ISO is gcuj25us.iso.
The update utility is gcuj25us.exe [support page states this is 2.64, which is wrong].
-> Both are version 2.65
The update is marked critical due to a security exposure in 2.64.
The readme, which you should read, states:
Security fix addresses LEN-8324 System Management Mode (SMM) BIOS Vulnerability
and some security fixes.
Lenovo Power Management Driver 09/07/2016 readme states:
Fixed Lenovo Platform Service high CPU usage issue.
It shows on the support page as "normal", but flagged "critical" in system update.
When a update is released to the support page, someone states normal/critical.
Then the update is sent over to SU quality folks to test further, and develop "SU install wrappers" for SU to use for the update. For this update, SU folks set the wrapper as critical.
Update your machine:
(1)If it aint broke, dont fixit. [all readme.txt state this]
(2)If a BIOS update readme states security fix, you should update it.
The update may fail; you could leave well enough alone, with the security exposure.
(3)Power management driver. Readme states high cpu.
You could leave well enough alone, if you do not experience high cpu.
Support page states normal; SU states critical.
The bottom line, read the readme.txt and decide what you decide to do with the update. As always, take a restore point before any SU/manual update. Always run windows backup to take an image backup before any change, also known as CYA.
I would suggest an image backup monthly, before any updates from Lenovo or windows update. ie, do both vendor updates after the backup.[This backup would cover your power management update, not your BIOS update].
Develop an update strategy for your machine. Take monthly backups of your image.
DO NOT run windows update or Lenovo system update without a backup.
I do not trust windows restore checkpoints. I will full image restore first.
I always update my BIOS manually. This is a VERY CRITICAL component of your machine. I prefer the .ISO method. Why? You can see exactly what is happening. Do this in a very controlled, attentive environment; not during a rain storm.
Your BIOS is from 2013.
I dont know your pc expertise.
As time permits, read the Hardware Maintenance Manual for your machine. The BIOS update page is fun to read. ie, BIOS update fails.. machine wont boot. workaround: boot block recovery. YIKES!
If this is scary, leave your BIOS alone or call the support center/reference a friend who can help.
Note: windows backup keeps ONLY 1 image backup. I am not fond of that. Use some other software, ie Acronis.
Note: I read you other post. The BIOS update is win7>win10.
Your BIOS is probably UEFI (with a Legacy mode option). My machine is NOT UEFI. It is fully legacy, ie normal at that time. I asked for your machine model #; this will clarify your BIOS type.
Power management is a no brainer. Keep a copy of your last installer.
10-15-2016 02:00 AM - edited 10-15-2016 02:04 AM
My X230T has the model number 3437CTO (CTO=Configured To Order).
I am running legacy BIOS precisely because of concerns about the security vulnerability of UEFI BIOS.
I have in fact read the readme for the new BIOS (more than once) and have the impression that the security vulnerability referred to is a UEFI vulnerability. The readme says that the security issue affects "System Management Mode". I have read the (self-referential) page, "System Management Mode (SMM) BIOS Vulnerability" but still have no idea what SMM is, do you? Does it relate to the Intel "Management Engine"? I have not installed the corresponding software, as it appears to be intended for enterprise management of laptops, and I am a private, stand-alone user.
The form of my BIOS ID (GCET92WW) is quite different from that of the offered BIOS (GCUJ25US). Perhaps this indicates that I have a "legacy only" BIOS? If not, why would I have been told that I would need to update my BIOS to install Win 10?
Your advice about backups is spot on, but the BIOS updates warn repeatedly that no rollback is possible.
The readme also warns:
Lenovo recommends to install the USB 3.0 driver for Windows (Version 126.96.36.199 or higher) prior to updating the UEFI BIOS. Because the UEFI BIOS requires the modification in the USB 3.0 driver to fix USB 3.0 related issues.
However, there is no hint how to identify the currently installed version. In Device Manager I find 17 USB devices. The only one with 3.0 in the name, "Intel USB 3.0 eXtensible Host Controller", has the version 6.3.9600.17393 and actually consists of two driver files, USBHXCI.SYS and UCX01000.SYS, both of which, however, show the version 6.3.9600.16384. Even though this driver identifies itsel as a Microsoft driver, the versions are too far apart for me to assume that this is the one referred to. System Information (msinfo32) shows no drivers with "USB 3" identification.
Add all of this to the uncertainty of whether this "US" BIOS version would even support my Swiss German keyboard, and I am very reluctant to make a change. Am I really exposing myself to a security risk by not updating?
If I am, how can I get the corresponding "WW" version of the BIOS instead of "US"?
10-16-2016 03:35 PM - edited 10-16-2016 07:33 PM
The USB 3.0 driver noted in the BIOS readme is for windows 7 only and from Intel.
The current windows 7 version from Intel is 188.8.131.52 or 4.x.x.x depending on your chipset.
You have the windows usb generic driver installed.
Intel statement of their driver:
Windows 7 installs do not support USB 3.0. You must download the support from elsewhere, ie Intel.
A simple update to the readme would help alot!.
GCUJ25US.ISO is the PACKAGE name of the BIOS installer.
It brings your BIOS ID to GCETA5WW after the install. Package version is 2.65.
You cannot downlevel this BIOS because it fixes security issues.
The bottom of this link lists all your machine BIOS IDs on the left; installer names on the right. If you click under the title link on your support page, this link will show.
Your current BIOS ID (GCET92WW) is package version 2.52, installer gcuj12us.iso.
Your keyboard language is probably set in windows, not the BIOS. I dont know.
You could try to access the German Lenovo support site and see if a German BIOS is available. What language is your current BIOS using?
All windows OS, 8 and above require a UEFI BIOS on NEW machine builds. You have a UEFI BIOS, using the legacy mode option. I have old school BIOS, win 10.
a simple GOOGLE search of "184.108.40.206" answers most of your question.
10-16-2016 08:54 PM - edited 10-17-2016 06:40 AM
Bricked BIOS occur alot lately.
I would leave well enough alone. Your concerns are valid.
10-25-2016 12:16 AM
Many thanks for all of the useful information!
In particular, your tip about PACKAGE versions as opposed to BIOS versions was very helpful. Thanks a lot!
You are right about the keyboard language. In the BIOS "Y" and "Z" are reversed. I am so used to this problem (BIOS only set up for US keyboard) that I had forgotten about it. Since I am a native English speaker and used to the keyboard problem, I am content to stay with the English language BIOS.
You are also correct in assuming that I am using a UEFI BiOS in legacy mode. In view of the security problems with UEFI, I would be more comfortable with an "old school BIOS". You say that you have one on a Windows 10 machine, but Lenovo says that update to UEFI BIOS is required to upgrade OLD machines to Windows 8 and above. How did you manage to keep your legacy BIOS?