PDA

View Full Version : BIOS updated by itself...?



gitkeeper
01-17-2019, 09:01 AM
Hey all,

Trying to understand if there is any way the bios on my 703GS Scar laptop would update itself without prompt.

I ask because:

I left my house today for 3 hours, leaving the laptop in the lock screen
I came back to find my bios password prompt, indicating the machine had restarted
After putting the password in, the machine restarted, and re-asked for the password
After entering it a second time, I progress bar and bios updating message came up
After two more bios passwords (self reset in between), windows is back up and running.


I haven't installed the Asus bios flash windows utility on this fresh windows install. Nor did I ever download a bios update for this machine.

I'm like 90% sure my roommate's been messing with my lappy - this kind of confirms it...I was just hoping someone might point out that our laptops just reflash their bios by themselves sometimes so I can stop worrying here.

Thanks in advance for any advice.
k

gitkeeper
01-19-2019, 01:44 AM
Hey all,

Further to my post, the current BIOS version is now 307
The support page for my machine GL703GS only lists 305 and 306 for download.
I downloaded WinFlash which lists 306 (11/14/2018) as the latest version.
The build date is apparently 10/17/2018 for this 307 version, while the build date for the downloadable 306 version is 11/14/2018
WinFlash will not update back to 306, claiming it is 'older' despite having a later build date than 307


Does anyone know of any way this is legit, ASUS or Windows behavior?

Please, any insight here is greatly appreciated.

k

gitkeeper
01-22-2019, 12:20 AM
So I contacted Asus support. They informed me that Windows Update will install BIOS updates. ..crazy right?

Also, they confirmed that the 307 version is theirs, but has not been pushed to the support site yet.


Im a bit surprised Windows Update can start a firmware upgrade like that!

thr23
01-23-2019, 02:29 AM
i'm just curious, but can you see the relevant entry in your Windows Update history?

gitkeeper
01-30-2019, 02:07 AM
Yup, I did end up finding it in the windows update history.

Asus also confirmed that Windows can do this, and that it's normal for UEFI updates to be pushed before they're available on the Asus support page.

Not fully convinced the UEFI wasn't compromised though. Hoping to find some insights on cleanly wiping and reinstalling a known-good asus version.

JustinThyme
01-30-2019, 03:08 AM
Please list the update. Ive personally not seen this and such an update would kill my machine and corrupt data. The only machine I know of that does this is Microsoft Surface which stands to reason as there is nothing you an do in their firmware. Other machines that require specific set up cannot just be done by pushing it, it could cause a bricked machine and loss of data.
List KB number so we can research it.

I just researched it on M$ and the only way its done through updates is CFU which is basically an admin function so if you got it somone did it, not automatic windows updates. Good for corporate IT

https://blogs.windows.com/buildingapps/2018/10/17/introducing-component-firmware-update/

gitkeeper
01-30-2019, 09:11 AM
Justin, I really appreciate your insight.


The machine is an GL703GS laptop. After having some accounts hacked and noticing a lot of CPU and network usage at idle, I replaced the M.2 drive with a Samsung evo 970 and a fresh installation of Windows. There were no ASUS Live or other update programs on the machine...in fact after the install, everything ran amazingly without having to download a single driver.

As my OP reads, I came home one night to the computer which had been reset (a common occurrence at this point). It prompted the BIOS password, which I enabled recently. After entering it and it immediately restarting, I entered it again and it "updated" the firmware.

Opening UEFI read:
Version 307
86.04.7C.00.24 N098GL703GS.001
FOCF0901.00B


I do remember looking at the windows update list and seeing something along the lines of "system firmware" with a corresponding timestamp.

Asus said (paraphrasing)
It is quite likely for Windows automatic updates to prompt a BIOS update if not the Asus live update tool. I also see that BIOS version 307 is not yuet updated on our support site for a manual update. This is actually normal. At a later date, our site will be updated as well.


If anyone knows how to set the lock bit to prevent software from accessing the SPI flash writer, I'd be so thankful.

gitkeeper
01-30-2019, 09:12 AM
Please list the update. Ive personally not seen this and such an update would kill my machine and corrupt data. The only machine I know of that does this is Microsoft Surface which stands to reason as there is nothing you an do in their firmware. Other machines that require specific set up cannot just be done by pushing it, it could cause a bricked machine and loss of data.
List KB number so we can research it.

I just researched it on M$ and the only way its done through updates is CFU which is basically an admin function so if you got it somone did it, not automatic windows updates. Good for corporate IT

https://blogs.windows.com/buildingapps/2018/10/17/introducing-component-firmware-update/

When the machine gets back in a couple days, I'll put the EVO970 back in, load up windows and hopefully get the KB number and screenshots of the update history.

ThrashZone
01-30-2019, 01:41 PM
Hi,
The only report of bios getting flashed by windows was someone that did it manually in device manager on the firmware
Not exactly the same as windows doing it automatically.

Always interested though in reports since I use older bios on both my systems they work better and cooler.
x99=2101 really old
x299=1301

gitkeeper
01-30-2019, 07:23 PM
https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation


Whoa....so UEFI can install a virus to your windows installation...as it installs?

gitkeeper
01-31-2019, 07:36 PM
Ok, laptop back from RMA today to my office.

GL703GS

Fired it up (looks great, previous display artifacts completely gone after the panel was reportedly replaced. And this panel has no backlight bleed!!)

Went to shut down: says it wants to install updates. Guess it found some when it connected to the internet at my work.?

Looking at pending updates (verbatim):

ASUSTek COMPUTER INC. - Firmware - 10/17/2018 12:00:00 AM - 10.1.2.307
Status: Pending Install

2018-10 Update for Windows 10 Version 1803 for x64 based Systems (KB4100347)
Status: Pending restart

[Restart now] _Schedule the restart_


I delayed updates and convinced it to shut down into UEFI without the firmware install.

My current firmware is :
Version 307
86.04.7C.00.24 N098GL703GS.001
FOCF0901.00B


Can anyone validate either the current version, or the fact that windows update has queued another firmware update?



---Im super concerned that windows is pushing firmware updates to my machine!!! No one I've spoken to with experience in IT says this is normal.

Can anyone shed some light, provide guidance, or point me to a place to get some piece of mind?
Asus support was unable to help, only commenting (this time) that Windows should not be able to push firmware updates.

Ultimately, I'd like to first wipe and reinstall all UEFI instances, and then install a clean M.2 drive to install clean windows on. Is this possible??

Abaidor
01-31-2019, 10:53 PM
Why don't you flash your BIOS with a fresh copy OFF Asus site? Something sounds not normal here...

gitkeeper
02-01-2019, 07:19 PM
Why don't you flash your BIOS with a fresh copy OFF Asus site? Something sounds not normal here...


Done and done.

I do wonder what persists through a reflash though....clearly it doesn't wipe the entire flash. UEFI has provisions for persistent anti malware modules for example. And apparently provisions for persistent drivers and for example the asus armory crate. Not to say these things are bad, but is this functionality being exploited by keyloggers or other malware? Could someone with access to the SPI flasher flash a module that survives the EZFlash program?

cah4e3
02-02-2019, 05:37 AM
i agree with @Abaidor => HW just CAN'T update bios by itself (it's not windows or your basic A/V (OFC. if you have secure boot enabled - and as far as i understand => it's enabled)...
you said some things about uefi flash, that makes we vonder => are you serious or just troll?? ( want to belive 1-st, but really think - 2'nd)...

Pir8pete
02-02-2019, 10:18 AM
windows updating the bios is fine, jezzz ppl your getting all worked up over nothing, let it go

gitkeeper
02-04-2019, 04:50 PM
Nope Im serious.

Windows keeps updating firmware.

I installed the recent firmware manually from the site (version 307, release date 1/29/2019). I did this on Feb 1st using EZFlash

Now I have any entry in Window Update history:

ASUSTek COMPUTER INC. - Firmware - 10/17/2018 12:00:00 AM - 10.1.2307
Successfully installed on ‎2/‎3/‎2019


Im not trolling here. I have spoken with Asus about it multiple times via web chat and email support. Three of Four support agents have said Windows can push firmware updates.

gitkeeper
02-04-2019, 04:54 PM
you said some things about uefi flash, that makes we vonder => are you serious or just troll?? ( want to belive 1-st, but really think - 2'nd)...

What was said about the UEFI that makes you think Im trolling here? If Im missing something Ive be grateful to learn

ThrashZone
02-04-2019, 07:31 PM
Hi,
Only item MS pushes is Intel micro codes
Included in bios updates too but very different only written to disk not bios editing.
Restore a system image and the micro code goes bye bye too.

gitkeeper
02-04-2019, 11:29 PM
Well, I watched with my own eyes my BIOS update after returning home. Only reason it didn't do it without my knowing is the BIOS password is installed so it couldn't start until I entered it.

But the laptop had no Asus Live software on it, and I definitely did not request the update. Nevertheless, it re-wrote the BIOS. No troll.

Maybe you could open your own ticket with Asus and ask if this is possible, because multiple Asus support employees have now told me BIOS updates are delivered via Windows Update and that this is normal and I shouldn't be alarmed.

I just hate the idea of a compromised windows install leading to your BIOS getting hacked. I've searched pretty hard and cant find a way to rewrite the entire BIOS image without sending it back to Asus (ok fine). But I also cant find any information on setting the write-bit to disabled to prevent software like windows from accessing the flash writer.

Masenshi
06-04-2019, 04:43 AM
Hi, just want to share my experience in case there are other users come across this thread from Google search.

The OP didn't lie, the same thing happened to me on my Asus X550VXK laptop.

I don't have Asus Live Update on my system, but Windows Update can automatically push the BIOS. I left my laptop powered on last night, then when I woke up it's already rebooted. When I checked Windows Update history, I found Asustek Firmware 10.1.2.307 already installed. Rebooted and open up my BIOS, it's already updated to 307.

gl703ishot
06-14-2019, 05:36 AM
Same happened with me today. Bios update was installed on my GL703GE by itself, after that notebook had 3x bootloop. I was super spooked after this happened :mad: . Hopefully everything works fine after that. I also checked Windows Update history and found what asustek computer inc. - Firmware - 10.0.16299.316 was installed :).
Any suggestions how to prevent this? Thanks

Emperor-leoberti
10-25-2019, 10:53 AM
Guys.

I also have this problem. Windows is installing the firmware update (BIOS) on my laptop by itself.
I have a SCAR III G731GW and windows keeps installing the 307 ver BIOS. Problem is that with this BIOS i get a lot of BSOD's. Sometimes very often. If I manually roll back to the previous BIOS 306, everything works just fine until the next restart when the BIOS updates by itself to the newest version 307.
I tried to disable automatic windows updates via group policy, but no luck. Windows keeps pushing firmware update like crazy.

I am still mesmerized about how bad the Asus software is. Really they have 0 quality control.

Any ideea? how to avoid the BIOS updating

Thanks.

SpyderBlades
11-11-2019, 04:47 AM
I had the same thing happen with my Asus Zephyrus GX701GWR. Windows update wanted a restart to install something so I obliged... I was pretty surprised when it went into EZ flash and upgraded the bios.

Problem is, it bricked my GPU by corrupting the registry with a host controller or something like that. I had to reset windows completely to get my GPU back. After the reset, the bios is still the new 306 version and it sucks. The fans will randomly cut out for 10 seconds and then kick back in.

If I can't flash it back and get it working properly again, I'm going to just RMA this piece of crap. Starting to really regret buying Asus this time.

Synergist
04-01-2020, 12:53 AM
Curiously, I was in the middle of some work this evening when my PC suddenly went to black screen with some disk activity - then it rebooted, showing the message "BIOS is updating. Do not shut down or reset the system to prevent system bootup failure."

This happened twice - the routine did something, rebooted, showed same message then rebooted, then POSTed as usual.

The board is a Maximus XI Hero, fairly recently installed.

There were no Windows prompts or warnings, nor did I request this to be done.

I have Armoury crate installed (which comes from the motherboard's UEFI WPBT portion of the firmware (https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation) as I understand it?!) -- frankly I find this ridiculous. I did wonder how Armoury Crate magically appeared after first boot, I suspected it was just Windows Update being helpful at the time so didn't investigate further.

Surely a BIOS update shouldn't just happen without warning in the middle of the evening? Have all the usual protections, antivirus, firewall and I carefully monitor my system's activity. Very curious, and I'm worried about it happening again in future. I can see two BIOS updates available (as .zip files) in Armoury in the BIOS section, the most recent is from last year which I'm already running.

As my board and CPU was OCed as a pair by the retailer, I want to prevent any automated or blind BIOS updates which might destabilise the overclock or cause other nasties. Quite worried now that I have a board which just updates its own firmware as and when it feels like it. Or is this something to do with a bad OC partly corrupting the BIOS and Flashback is automatically restoring it to a good state? The feedback on-screen was useless so I don't know what's going on. There was no sign of a firmware update in Windows Update history though...

The machine was running stably with nothing intensive going on, temps all normal and clock speeds well in reasonable limits.