Lenovo: If you value your server, block Microsoft's November security update Lenovo server admins should disable Windows Update and apply a UEFI fix to avoid Microsoft’s November security patches freezing their systems. The world’s third-largest server-maker advised the step after revealing that 19 configurations of its x M5 and M6 rack, as well as its x6 systems are susceptible. Lenovo’s machines are …
Windows doesn't affect your hardware. Simply blacklist some UEFI policies which are deemed insecure. Of course the system won't boot if it relies on them.
But wouldn't that be the ultimate method for making MSWin secure; prevent it from ever booting up?
MS have previous form with this sort of shite..
Not quite on the same scale.. but some baytrail tablets have been bricked by MS updating the firmware on the device.. Reboot.. dead tablet.
The only way to recover the tablet is to reflash the firmware with an external hardware programmer.
One guy has had MS pay for the repair.
See http://linxtablet.co.uk/viewtopic.php?f=36&t=2253
Not quite on the same scale.. but some baytrail tablets have been bricked by MS updating the firmware on the device.. Reboot.. dead tablet.
While back I saw the same thing on a HP AIO machine. IIRC Win 10 (may've been 8, should search the comments for my post) was updating the firmware as part of the updates, only screwed things up such that the machine would only boot with a small few RAM modules - in that case a 1 or 2G module. Only found it by fluke. Fix was to install 8, then re-flash to the latest HP firmware, then make sure 10 couldn't install on the machine. Took us a couple of events before we understood what was going on.
This was a user machine, so updates were automatic (no other option) and reboots were forced (no other option, not even to save open files!)
(quick search - original post is http://forums.theregister.co.uk/forum/containing/2681764 )
Microsoft still think people will trust them to delivery Windows as a service when it borks good machines and then pass of the problem to Lenovo to fix ?
While I may not be a friend to Microsoft, I wouldn't put it past Lenovo to have cocked this one up. I'm sure they aquired a whole bunch of operational procedures from IBM when they bought out the rack server systems.
Even after all the previous recent software disasters and now this from Microsoft server software, Lenovo remains abnormally committed to Microsoft - to the extreme degree of dissing configuration requests for Redhat or SuSE Enterprise Linux on their servers and being embroiled in dispute over Linux install on their Yoga tablet.
Any person, business, organization or government interested in deploying the far superior Linux or BSD UNIX-Like operating systems (OS) for their reliability, performance or security needs should never consider Lenovo, unless they too, are like Lenovo have Redmonds finger up their anus.
Lenovo has almost every flavor of Linux for their servers. https://lenovopress.com/osig#support=all They have alliance agreements with Redhat, and they install more SAP than any other vendor on SuSE.
True, more work needs to be done to include more linux friendly hardware on a subset of their tablets/laptops. http://mjg59.dreamwidth.org/44694.html
Or Slurp is installing backdoors that require some UEFI policies to set differently. Wouldn't be surprised either way. My limited experience with UEFI is it an incompetent "solution" to the problem of 'bloat being a buggy mess. Instead of fixing 'bloat, Slurp forces others to find a solution. Mine is not to use 'bloat.
I was called in to help set up a new desktop. Not as a tech consultant, but as a relative. On another table was a kaput 2013-era HP Pavilion, regraded to Windows 10. Its demise had been foretold months earlier by it taking more than an hour to boot up. But by then it was in repair mode loop, tested for hours. I thought I'd take a stab and the only thing I could think of was to change the boot order in BIOS, boot a PE USB and remove the suspected malware. A first attempt didn't change anything. The second, deeper, attempt caused the computer to make me enter a 4-digit code. I believe that was defeating the UEFI-thing, but what do I *know*? Sadly, it didn't boot my USB stick, but happily it did boot to Windows 10. It was obviously a damaged Windows 10, but at least I was able to remove about 1,000 unwanted entries with mwb. Also removed one protection service that the owner had signed up for, leaving two still there. Then I connected the Internet, which may have been a far bridge. 12 hours later, much had changed on the display, including improved screen resolution, but also a different colour scheme with a yellowish-greenish cast. I thought, oh maybe there was a piece of software that filtered out blue during night time, but couldn't find such a thing on the computer. Or maybe a hardware issue had developed. Don't know the conclusion, as my time at the venue was up.
Anyway, this story is too long. No smoking gun, but it does tend to support the thought that a UEFI computer was borked by a Windows 10 upgrade. But who cares? Perhaps more importantly, it instantiates (couldn't resist) a way that might make use of perfectly good computers without tearing them down for parts: change the boot-order so drastically that it makes you input the UEFI-breaking code.
Please correct my mistakes!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
