Access Keys:
Skip to content (Access Key - 0)

SCCM - Detect If Computer Is Using The Latest BIOS

You can create a query in SCCM to see if your computer model is using an older BIOS version (not the latest BIOS protected against Spectre/Meltdwon). We created a sample query that you can copy and modify.

Create a new Query in SCCM and choose to import the sample query called "Template - Dell BIOS - Detect if vulnerable version" or "Template - Lenovo BIOS - Detect if vulnerable version" corresponding to your computer manufacturer. The template is located under Monitoring->Queries->MIT Queries. After importing the query, you can choose to edit the query using the GUI.

Note that the model in the template is "Optiplex 7020" and the BIOS version is "A14". Modify the query appropriately for your model and BIOS version.

Change model to your model

Change BIOS version to latest BIOS version

Please note that because the version number is stored as a string, we can not always reliable use the Less Than operator. For instance, BIOS version 1.5.10 would be detected as lower than BIOS version 1.5.9. The query we created to detect computers not on the latest BIOS version is only valid as long as no computers have a higher BIOS version than is specified. We are using the Is Not Like operator in order to find any machines not on the latest BIOS.

Same principles apply for Lenovo, though you'll note in the query that the model is stored as "Computer System Product" - "Version" whereas for Dell it's stored as "Computer System" - "Model".

BIOS Updates from Vendors

The list of Dell BIOSes that protect against Spectre/Meltdown for each model is listed here:

http://www.dell.com/support/article/us/en/04/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en

The list of Lenovo BIOSes that protect against Spectre/Meltdown for each model is listed here:

https://support.lenovo.com/us/en/solutions/len-18282

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

January 12, 2018

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
sccm sccm Delete
c-sccm c-sccm Delete
endpoint endpoint Delete
management management Delete
spectre spectre Delete
meltdown meltdown Delete
bios bios Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki