MECM - SCCM - Detect If Computer Is Using The Latest BIOS

You can create a query in SCCM to see if your computer model is using an older BIOS version (not the latest BIOS protected against Spectre/Meltdwon). We created a sample query that you can copy and modify.

Create a new Query in SCCM and choose to import the sample query called "Template - Dell BIOS - Detect if vulnerable version" or "Template - Lenovo BIOS - Detect if vulnerable version" corresponding to your computer manufacturer. The template is located under Monitoring->Queries->MIT Queries. After importing the query, you can choose to edit the query using the GUI.

Note that the model in the template is "Optiplex 7020" and the BIOS version is "A14". Modify the query appropriately for your model and BIOS version.

Change model to your model

Change BIOS version to latest BIOS version

Please note that because the version number is stored as a string, we can not always reliable use the Less Than operator. For instance, BIOS version 1.5.10 would be detected as lower than BIOS version 1.5.9. The query we created to detect computers not on the latest BIOS version is only valid as long as no computers have a higher BIOS version than is specified. We are using the Is Not Like operator in order to find any machines not on the latest BIOS.

Same principles apply for Lenovo, though you'll note in the query that the model is stored as "Computer System Product" - "Version" whereas for Dell it's stored as "Computer System" - "Model".

BIOS Updates from Vendors

The list of Dell BIOSes that protect against Spectre/Meltdown for each model is listed here:

http://www.dell.com/support/article/us/en/04/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en

The list of Lenovo BIOSes that protect against Spectre/Meltdown for each model is listed here:

https://support.lenovo.com/us/en/solutions/len-18282

See Also

• Microsoft Endpoint Configuration Manager (MECM) Landing Page