A tiny BIOS chip lurks inside every computer, sitting on your motherboard to breathe life into your system when you press the power button. It not only powers your PC, but helps protect it, too—as Duo Security’s recent report on Apple macOS attacks points out.
BIOS stands for basic input and output system, and the BIOS chip initializes all the other devices in your PC, like the CPU, GPU, and motherboard chipset. But a few years ago, motherboard manufacturers—in partnership with Microsoft and Intel—introduced a replacement for traditional BIOS chips dubbed UEFI (Unified Extensible Firmware Interface).
Almost every motherboard shipping today has a UEFI chip rather than a BIOS chip, but they both share the same core purpose: preparing the system to boot into the operating system. That said, most people still call the UEFI the “BIOS” because of the familiarity of the term.
Why you should (or shouldn’t) update your BIOS
Understanding your UEFI is important so you can understand how (and if) to take advantage of the feature updates and bug fixes that come with the BIOS updates offered by motherboard manufacturers.
Your motherboard likely uses whatever firmware revision the motherboard manufacturer was on back when it was built. Over the lifespan of a motherboard, manufacturers release new firmware packages or BIOS updates that will enable support for new processors and memory, or solve commonly reported bugs. For years, the only real reason to update to a newer firmware revision, however, is to solve a bug in your UEFI or to swap in a CPU that’s newer than your motherboard.
What the Duo report points out, though, is that attacking the UEFI firmware is now a bleeding-edge attack. It’s so low-level, it probably won’t be detected by antivirus software. And once in there, chances are it could survive even refreshing your PC. While it’s true that Duo’s report focuses on the Apple Mac platform, PCs are vulnerable, too. In April, attackers showed how a UEFI exploit could be used to inject ransomware into Gigabyte PCs.
Some people like to regularly check for and update their UEFI firmware packages just to stay up to date. At one time, this was considered a risky practice, given that the firmware updating process can potentially brick your motherboard in the same way that flashing a custom ROM on to Android phone can brick the device. It’s best not to update your UEFI firmware unless there is something specific that the updated firmware offers that you need.
That said, you probably want to stay on top of BIOS updates if you’re on a chip or motherboard platform that’s fresh out of the gates. Several motherboard BIOS updates were released over the first week that AMD’s disruptive new Ryzen chips were in reviewers’ hands, and each provided additional performance and system stability. Expect for those to continue as AMD works the bugs out of Ryzen.
How to update your PC BIOS
1. Find your current BIOS version: Before you upgrade your BIOS, make sure you’re actually installing a new version. The easiest way to find your BIOS version is to open up the System Information app by typing msinfo into the Windows search bar. In the window that opens, your BIOS version should show up on the right, under your processor speed. Record your version number and date, then compare it to the latest version available on your motherboard’s support page on the manufacturer’s website.
2. Enter the UEFI BIOS: When you boot up your PC, you’ll see text that informs you which button to press to enter the UEFI BIOS. Press it! (The exact button needed, and the design of every motherboard’s actual UEFI control panel differs, so these instructions will be more guideposts than step-by-step instructions.)
3. Boot into the UEFI control panel (when possible): Although not all motherboards offer this feature, on certain models you can boot into the UEFI control panel and use a built-in update utility to connect to the internet and flash the latest firmware from the manufacture’s server. This extremely nice feature makes updating to newer firmware revisions as painless as possible.
The process is a bit more involved for motherboards that don’t support this feature.
4. Find the latest BIOS update from your motherboard’s support page: Go to your motherboard’s support page on the manufacturer’s website. The latest BIOS update should be in the support and downloads section.
5. Download and unzip the BIOS update file
6. Transfer update file onto a USB flash drive
7. Reboot your computer into the UEFI control panel
8. Launch the UEFI’s firmware update tool or flashing tool and back up your PC’s existing firmware to your flash drive: This protects you in case something goes wrong.
9. Use the same UEFI utility to select the new firmware image you saved on the flash drive: Running the firmware update utility should take just a couple of minutes, but make sure not to shut off your PC during this process. This is critical.
10. Once the flashing process finishes, restart your computer: Your updated PC BIOS is ready to rock.
Some manufacturers offer utilities that can update your UEFI chip from directly inside Windows by running an .exe file, but we strongly recommend using one of the two methods above to avoid any problems.
Again, updating your PC’s BIOS can provide many benefits, but it’s important to understand the risks. Don’t touch it if there isn’t a clear, compelling reason to update your UEFI firmware. That said, if you want to drop in a newer CPU into an older motherboard, then it’s clear that a BIOS update lies in your future.
Updated at 10:46 AM to reference Duo Security’s recent report on UEFI attacks on the Apple Macintosh and MacOS.