The news about this specific vulnerability is a bit old by now, but it doesn’t hurt to drop a reminder that you should update your BIOS frequently to prevent yourself from falling victim to other vulnerabilities later down the line. BIOS updates can also improve performance as well (or make it worse, cough, Spectre mitigations) in a few scenarios.
If you have a laptop, it’s probably as easy as just downloading your manufacturer’s tool from their website, clicking a few buttons, restarting, and you should be set or your manufacturer might provide these updates thru Windows’ update system which in that case you don’t need to download any additional software.
If you’re on a desktop however, most of the time this involves you downloading a file, throwing it on a USB stick, and updating it from the BIOS screen or by pressing a button on the back of the motherboard.
Either way, you’re probably only a [insert search engine name here] search away from finding a guide on how to do it for your specific motherboard/device.
A few words of caution though: If you’re on a desktop without a battery backup it’s probably wise to only do these updates when you have high confidence that your power isn’t going to drop during the update. If you lose power during one of these updates, recovery is not a fun task (unless your motherboard is fancy and has a button to recover from these kinds of scenarios) and your motherboard basically becomes a cool looking paper weight unless you want to flash the chip manually, which is possible but is kind of annoying to do and requires the right tools (but they’re pretty cheap from Alibaba or whatever)
Anyway, rant over. Make sure you keep your computers up-to-date comrades, it’s always worth spending the half an hour or so it takes to update everything on your computer so you can have some extra peace of mind.
From Binarly
each IBV has at least one exploitable bug inside their parsers, and every parser contains bugs. The only exception is Insyde’s PNG parser that is based on an open-source project, and was likely already well-tested by the community.
Lol