Revision : 01 -------------------------------------------------------------------------------- Software name BIOS Update CD (ISO image file for bootable CD) Support models ThinkPad Yoga 260 ThinkPad S1 Operating Systems Microsoft Windows 10 64-bit Microsoft Windows 8.1 64-bit Microsoft Windows 7 32-bit, 64-bit Refer to marketing materials to find out what computer models support which Operating Systems. Version 1.88 -------------------------------------------------------------------------------- WHAT THIS PACKAGE DOES This package provides the ISO image file of UEFI BIOS which is compatible with CD/DVD/BD writing software to create the CD/DVD/BD for the UEFI BIOS update. Hereafter the CD/DVD/BD for the UEFI BIOS update is called as "BIOS Update CD". The BIOS Update CD can boot the computer disregarding the operating systems and update the UEFI BIOS (including system program and Embedded Controller program) stored in the ThinkPad computer to fix problems, add new functions, or expand functions as noted below. For that purpose, it is necessary to have the CD/DVD/BD writing software (with CD/DVD/BD creation function from the ISO image file) prepared separately. Also, the following type of CD-RW, CD-RW & DVD Combo, DVD, DVD Multi, BD or other optical drives should be prepared. (Hereafter these drives are called as "optical drive".) - USB This program is language independent and can be used with any language system. -------------------------------------------------------------------------------- CHANGES IN THIS RELEASE Version 1.88 [Important updates] - Enhancement to address security vulnerability, CVE-2017-5715 - Enhancement to address security vulnerability, CVE-2022-33894 - Enhancement to address security vulnerability, CVE-2022-34301, CVE-2022-34302, CVE-2022-34303 [New functions or enhancements] - Updated the Diagnostics module to version 04.27.000. [Problem fixes] - Fixed "Clear All Secure Boot Keys" not working when Secure Boot is Enable. - Fixed an issue SecureBootEnable is not protected. -------------------------------------------------------------------------------- DETERMINING WHICH VERSION IS INSTALLED There are two ways to check the UEFI BIOS version and BIOS ID. [Checking on Windows] Windows 10/8.1: 1. Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen. 2. Select Control Panel from the menu. 3. Make sure "View by Category" is selected, and select System and Security, select Administrative Tools, and then select System Information. - or - 2. Select Run from the menu. 3. Type msinfo32, and press Enter. 4. On the System Information window, make sure System Summary is selected in the left side of the window. 5. Locate the BIOS version/date line in the right side of the window. "LENOVO BIOS ID (BIOS version), date" will be shown. If you are prompted for an administrator password or confirmation, type your password, or click Continue. Windows 7: 1. Click Start, click All Programs or Programs, click Accessories, click System Tools and then click System Information. - or - Click Start, type msinfo32 in the Start Search box and then click msinfo32 in the Programs list. 2. On the System Information window, make sure System Summary is selected in the left side of the window. 3. Locate the BIOS version/date line in the right side of the window. "LENOVO BIOS ID (BIOS version), date" will be shown. If you are prompted for an administrator password or confirmation, type your password, or click Continue. [Checking on ThinkPad Setup] Windows 10: 1. Turn on the computer to start Windows. 2. Hold down the Windows logo key. 3. Select Power from the menu. 4. Select Reboot to restart the computer. Windows 8.1: 1. Turn on the computer to start Windows. 2. Hold down the Windows logo key and press C to open the Charm bar on the screen. 3. Select Settings, then Power from the menu. 4. Select Reboot to restart the computer. Windows 7: 1. Turn off the computer. 2. Turn on the computer. 3. Go to the step 5. 5. While the "To interrupt normal startup, press Enter" message is displayed at the lower-left area or lower-center of the screen, press the F1 key. The ThinkPad Setup menu will be displayed. If a password prompt appears, type the correct password. 6. Locate the UEFI BIOS Version line and Embedded Controller Version line. "UEFI BIOS version (BIOS ID)" will be shown on the UEFI BIOS Version line. 7. Turn off the computer. -------------------------------------------------------------------------------- NOTES - Be aware that ThinkPad Dock and USB 3.0 Dock have the latest USB Hub firmware by applying the USB Hub firmware update tool available at the Lenovo site. - If the UEFI BIOS has been updated to version 1.59 or higher, it is no longer able to roll back to the version before 1.59 for security improvement. - If the UEFI BIOS has been updated to version 1.53 or higher, it is no longer able to roll back to the version before 1.53 for security improvement. - If the UEFI BIOS has been updated to version 1.49 or higher, it is no longer able to roll back to the version before 1.49 for security improvement. - Be aware that the OS Optimized Defaults option in the Restart menu of ThinkPad Setup should not be normally changed. Lenovo recommends to use the factory default setting for it, as follows. OS Optimized Defaults - For Windows 10/8.1 64-bit Preload models [Enabled] - For Windows 7 [Disabled] To install Windows 7, the OS Optimized Defaults option should be [Disabled]. If the OS Optimized Defaults setting is changed, Setup Default by the F9 key will not load the same default configuration, as follows. Furthermore, by the condition of Operating System installation, the computer may not be booted due to the setting change. If your computer runs satisfactorily now, you have no need to change the OS Optimized Defaults option. If you need to change the setting, consider well the effect of the setting change. Affected Setup menu items : "OS Optimized Defaults" setting [Disabled] case [Enabled] case - Security - UEFI BIOS Update Option - Secure RollBack Prevention [Disabled] [Enabled] - Secure Boot - Secure Boot [Disabled] [Enabled] - Startup - UEFI/Legacy Boot [Both] [UEFI Only] - UEFI/Legacy Boot Priority [Legacy First] (Not shown) - CSM Support [Yes] [No] By the OS to be newly installed, you need to change the OS Optimized Defaults option, and load default configuration. 1. Enter the ThinkPad Setup menu by following steps in [Checking On ThinkPad Setup] in the DETERMINING WHICH VERSION IS INSTALLED section. 2. Select Restart, then select OS Optimized Defaults and press Enter. 3. Select the following setting and press Enter. [Enabled] (for Windows 10/8.1 64-bit) [Disabled] (for Windows 7) 4. Press the F9 key to load default configuration. 5. Select Yes. 6. Press the F10 key to save default configuration and exit. 7. Select Yes. The computer will be restarted automatically. (Caution) If both the Secure Boot option is Enabled and UEFI Secure Boot in the Main menu of ThinkPad Setup is shown as Off, restoring Factory Keys is needed. Do the following to restore Factory Keys. 1. Enter the ThinkPad Setup menu by following steps in [Checking On ThinkPad Setup] in the DETERMINING WHICH VERSION IS INSTALLED section. 2. Select Security, then select Secure Boot. 3. Select Restore Factory Keys, and press Enter. 4. Select Yes to restore Factory keys. 5. Press the F10 key to save configuration and exit. 6. Select Yes. The computer will be restarted automatically. - To enable 30 Day standby feature of ThinkVantage Power Manager, the computer has to disable waking computer by network adapters and USB devices. Uncheck the checkbox next to "Allow this device to wake the computer" in the Power Management tab for each device in Device Manager. - You should install the CD/DVD/BD writing software which supports CD/DVD/BD creation function from the ISO image file to create the BIOS Update CD. - To boot the computer from the BIOS Update CD, you should have the following type of optical drives. - USB Any types of other optical devices are not supported. - The contents of the BIOS Update CD can not be shown by Windows Explorer. -------------------------------------------------------------------------------- CREATING THE BIOS UPDATE CD This section assumes to use Internet Explorer and Windows Explorer. Downloading file 1. Click once on the underlined file name. Once this is done, some pop-up windows will appear. 2. Follow the instructions on the screen. 3. In the window to choose Run or Save, click Save. 4. Choose the folder you would like to download the file to and click Save. A different window will appear and the download will begin and complete. Once the download has completed, there may or may not be a message stating that the download completed successfully. Creating BIOS Update CD 5. Prepare a computer with an optical drive installed and a blank CD/DVD/BD disc, and make sure the CD/DVD/BD writing software is installed into the computer. 6. Locate the folder where the file was downloaded. 7. Locate the file ending in ".ISO" that was downloaded, then double-click it. A writing software will open. 8. Follow the instructions on the screen to finish writing and complete creating BIOS Update CD. Finally delete the file saved in the step 4. -------------------------------------------------------------------------------- BEFORE UPDATING THE UEFI BIOS Boot capability with [Legacy Only] setting in the ThinkPad Setup is no longer supported. To boot the BIOS Update CD for the BIOS update, the Legacy Only setting should not be selected in the UEFI/Legacy Boot option of ThinkPad Setup. Follow the instructions below to make sure the Legacy Only setting is not selected. 1. Turn on computer. 2. While "To interrupt normal startup, press Enter" message is displayed at lower-left area or lower-center of screen, press F1 key. ThinkPad Setup menu will be displayed. If password prompt appears, type correct password. 3. Select Startup, then select UEFI/Legacy Boot. 4. Make sure [Legacy Only] is not selected. If not selected, press Esc and then select Exit Discarding Changes to restart the computer. If selected, go to the step 5. 5. Select [Both] and press Enter. 6. Press the F10 key to save configuration and exit. 7. Select Yes. The computer will be restarted automatically. After the computer is restarted, insert the BIOS Update CD into the optical drive, and then restart the computer for the BIOS update. Note: If the Legacy Only setting should be restored after the BIOS update, follow the instructions above, where skip the step 4 and select [Legacy Only] in the step 5. -------------------------------------------------------------------------------- UPDATING THE UEFI BIOS Notes: - If the UEFI BIOS has been updated to version 1.59 or higher, it is no longer able to roll back to the version before 1.59 for security improvement. - If the UEFI BIOS has been updated to version 1.53 or higher, it is no longer able to roll back to the version before 1.53 for security improvement. - If the UEFI BIOS has been updated to version 1.49 or higher, it is no longer able to roll back to the version before 1.49 for security improvement. - If your computer runs satisfactorily now, it may not be necessary to update the UEFI BIOS. To determine if you should update the UEFI BIOS, refer to the Version Information section. - You need an AC adapter, a charged battery pack and the following type of optical drives. - USB - Remove the Power-on password prior to updating the UEFI BIOS in the remote deployment environments. Attention: Do not turn off, suspend the computer or remove the BIOS UPDATE CD until the update has been completed. IF YOU DO THAT WHILE THE UPDATE IS STILL IN PROGRESS, THE SYSTEM BOARD MAY HAVE TO BE REPLACED. 1. Firmly connect the AC adapter to your ThinkPad computer. 2. Make sure it has an optical drive installed. Windows 10: 3. Turn on the computer to start Windows. 4. Hold down the Windows logo key. 5. Select Power from the menu. 6. Select Reboot to restart the computer. Windows 8.1: 3. Turn on the computer to start Windows. 4. Hold down the Windows logo key and press C to open the Charm bar on the screen. 5. Select Settings, then Power from the menu. 6. Select Reboot to restart the computer. Windows 7: 3. Turn off the computer. 4. Turn on the computer. 5. Go to the step 7. 7. While the "To interrupt normal startup, press Enter" message is displayed at the lower-left area or lower-center of the screen, press the F12 key. Boot Menu will be displayed. If a password prompt appears, type the correct password. 8. Insert the BIOS Update CD into the optical drive. 9. Select USB CD to set up the boot drive. Then, the computer will be rebooted from the BIOS Update CD. 10. Select Read this first from the menu and carefully read the information. 11. Press the Esc key to return to the menu. 12. Select Update system program and follow the instructions on the screen. 13. After the information panel appears, remove the BIOS Update CD from the optical drive then press the Enter key to restart the computer. -------------------------------------------------------------------------------- INITIALIZING UEFI BIOS UEFI BIOS Initialization is suggested for some problems. To initialize the UEFI BIOS settings: Windows 10: 1. Turn on the computer to start Windows. 2. Hold down the Windows logo key. 3. Select Power from the menu. 4. Select Reboot to restart the computer. Windows 8.1: 1. Turn on the computer to start Windows. 2. Hold down the Windows logo key and press C to open the Charm bar on the screen. 3. Select Settings, then Power from the menu. 4. Select Reboot to restart the computer. Windows 7: 1. Power off the computer. 2. Power on the computer. 3. Go to the step 5. 5. While the "To interrupt normal startup, press Enter" message is displayed at the lower-left area or lower-center area of the screen, press the F1 key. The ThinkPad Setup menu will be displayed. If a password prompt appears, type the correct password. 6. Press the F9 key to load default configuration. 7. Select Yes. 8. Press the F10 key to save default configuration and exit. 9. Select Yes. 10. Restart the computer. Note: After initialization you may need to reapply some settings that you had changed previously. -------------------------------------------------------------------------------- VERSION INFORMATION The following versions of UEFI BIOS and ECP (Embedded Controller Program) have been released to date. Package (ID) UEFI BIOS (BIOS ID) ECP (ECP ID) Rev. Issue Date -------------------- ------------------- --------------- ---- ---------- 1.88 (N1GUR43W) 1.88 (N1GETA9W) 1.27 (N1GHT50W) 01 2023/03/02 1.87 (N1GUR42W) 1.87 (N1GETA8W) 1.27 (N1GHT50W) 01 2022/12/15 1.86 (N1GUR41W) 1.86 (N1GETA7W) 1.27 (N1GHT50W) 01 2022/09/06 1.85 (N1GUR40W) 1.85 (N1GETA6W) 1.27 (N1GHT50W) 01 2021/12/21 1.84 (N1GUR39W) 1.84 (N1GETA5W) 1.27 (N1GHT50W) 01 2021/08/04 1.83 (N1GUR38W) 1.83 (N1GETA4W) 1.27 (N1GHT50W) 01 2021/04/23 1.82 (N1GUR37W) 1.82 (N1GETA3W) 1.27 (N1GHT50W) 01 2020/11/05 1.81 (N1GUR36W) 1.81 (N1GETA2W) 1.27 (N1GHT50W) 01 2020/07/01 1.79 (N1GUR35W) 1.79 (N1GETA0W) 1.27 (N1GHT50W) 01 2019/12/26 1.78 (N1GUR34W) 1.78 (N1GET99W) 1.27 (N1GHT50W) 01 2019/11/28 1.77 (N1GUR33W) 1.77 (N1GET98W) 1.27 (N1GHT50W) 01 2019/09/17 1.76 (N1GUR32W) 1.76 (N1GET97W) 1.27 (N1GHT50W) 01 2019/05/13 1.75 (N1GUR31W) 1.75 (N1GET96W) 1.27 (N1GHT50W) 01 2019/03/13 1.74 (N1GUR30W) 1.74 (N1GET95W) 1.27 (N1GHT50W) 01 2018/12/25 1.72 (N1GUR29W) 1.72 (N1GET93W) 1.27 (N1GHT50W) 01 2018/10/22 1.71 (N1GUR28W) 1.71 (N1GET92W) 1.27 (N1GHT50W) 01 2018/08/20 1.70 (N1GUR27W) 1.70 (N1GET91W) 1.27 (N1GHT50W) 01 2018/07/11 1.69 (N1GUR26W) 1.69 (N1GET90W) 1.27 (N1GHT50W) 01 2018/06/12 1.68 (N1GUR25W) 1.68 (N1GET89W) 1.27 (N1GHT50W) 01 2018/04/12 1.67 (N1GUR24W) 1.67 (N1GET88W) 1.27 (N1GHT50W) 01 2018/03/14 1.63 (N1GUR23W) 1.63 (N1GET84W) 1.27 (N1GHT50W) 02 2018/02/06 1.63 (N1GUR23W) 1.63 (N1GET84W) 1.27 (N1GHT50W) 01 2017/12/26 1.61 (N1GUR22W) 1.61 (N1GET82W) 1.27 (N1GHT50W) 01 2017/10/06 1.60 (N1GUR21W) 1.60 (N1GET81W) 1.27 (N1GHT50W) 01 2017/09/22 1.59 (N1GUR20W) 1.59 (N1GET80W) 1.27 (N1GHT50W) 01 2017/09/11 1.58 (N1GUR19W) 1.58 (N1GET79W) 1.27 (N1GHT50W) 01 2017/07/24 1.57 (N1GUR18W) 1.57 (N1GET78W) 1.27 (N1GHT50W) 01 2017/06/26 1.56 (N1GUR17W) 1.56 (N1GET77W) 1.27 (N1GHT50W) 01 2017/06/15 1.55 (N1GUR16W) 1.55 (N1GET76W) 1.27 (N1GHT50W) 01 2017/05/15 1.53 (N1GUR15W) 1.53 (N1GET74W) 1.26 (N1GHT49W) 01 2017/02/28 1.51 (N1GUR14W) 1.51 (N1GET72W) 1.24 (N1GHT47W) 01 2016/11/18 1.50 (N1GUR13W) 1.50 (N1GET71W) 1.24 (N1GHT47W) 01 2016/10/31 1.49 (N1GUR12W) 1.49 (N1GET70W) 1.24 (N1GHT47W) 01 2016/08/25 1.47 (N1GUR11W) 1.47 (N1GET68W) 1.24 (N1GHT47W) 01 2016/07/22 1.43 1.43 (N1GET64W) 1.23 (N1GHT46W) For factory use 1.42 (N1GUR10W) 1.42 (N1GET63W) 1.21 (N1GHT44W) 01 2016/05/16 1.41 (N1GUR09W) 1.41 (N1GET62W) 1.21 (N1GHT44W) 01 2016/04/27 1.40 (N1GUR08W) 1.40 (N1GET61W) 1.20 (N1GHT43W) 01 2016/04/08 1.36 (N1GUR07W) 1.36 (N1GET57W) 1.19 (N1GHT42W) 01 2016/03/04 1.34 (N1GUR06W) 1.34 (N1GET55W) 1.17 (N1GHT40W) 01 2016/02/23 1.33 (N1GUR05W) 1.33 (N1GET54W) 1.17 (N1GHT40W) 01 2016/01/28 1.32 1.32 (N1GET53W) 1.16 (N1GHT39W) For factory use 1.15 (N1GUR04W) 1.15 (N1GET37W) 1.16 (N1GHT39W) 01 2016/01/22 1.14 (N1GUR03W) 1.14 (N1GET36W) 1.14 (N1GHT37W) 01 2015/12/23 1.12 (N1GUR02W) 1.12 (N1GET35W) 1.12 (N1GHT35W) 01 2015/12/04 1.11 1.11 (N1GET34W) 1.11 (N1GHT34W) For factory use 1.09 1.09 (N1GET32W) 1.09 (N1GHT32W) For factory use 1.06 (N1GUR01W) 1.06 (N1GET29W) 1.06 (N1GHT29W) 01 2015/10/08 Note: Revision number (Rev.) is for administrative purpose of this README document and is not related to software version. There is no need to upgrade this software when the revision number changes. To check the version of UEFI BIOS and Embedded Controller Program, refer to the Determining which version is installed section. Summary of Changes Where: < > Package version UEFI: UEFI BIOS version ECP: Embedded Controller Program version [Important] Important update (New) New function or enhancement (Fix) Correction to existing function <1.88> UEFI: 1.88 / ECP: 1.27 - [Important] Enhancement to address security vulnerability, CVE-2017-5715 - [Important] Enhancement to address security vulnerability, CVE-2022-33894 - [Important] Enhancement to address security vulnerability, CVE-2022-34301, CVE-2022-34302, CVE-2022-34303 - (New) Updated the Diagnostics module to version 04.27.000. - (Fix) Fixed "Clear All Secure Boot Keys" not working when Secure Boot is Enable. - (Fix) Fixed an issue SecureBootEnable is not protected. <1.87> UEFI: 1.87 / ECP: 1.27 - [Important] Update includes a security fix. - (New) Updated the Diagnostics module to version 04.26.000. <1.86> UEFI: 1.86 / ECP: 1.27 - [Important] Update includes a security fix. - [Important] Enhancement to address security vulnerability, CVE-2022-21151, CVE-2022-0005 - (New) Updated the Diagnostics module to version 04.25.000. - (New) Updated the CPU microcode. - (Fix) Fixed an issue where device firmware update via Windows Update failed when OPAL management software is installed. <1.85> UEFI: 1.85 / ECP: 1.27 - [Important] Update includes a security fix. - (New) Updated the MEBx. - (New) Updated the TXT BIOS ACM. - (New) Updated the CPU microcode. - (New) Updated the Diagnostics module to version 04.21.000. <1.84> UEFI: 1.84 / ECP: 1.27 - [Important] Update includes a security fix. <1.83> UEFI: 1.83 / ECP: 1.27 - [Important] CVE-2020-24511 , CVE-2020-24512. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24511) (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24512) - (New) Updated the CPU microcode. - (New) Updated the Diagnostics module to version 04.17.000. <1.82> UEFI: 1.82 / ECP: 1.27 - [Important] Update includes a security fix. - [Important] Addresses CVE-2020-8696 and CVE-2020-8698. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8696) (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8698) - [Important] Addresses CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, and CVE-2020-0593. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0587) (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0588) (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0590) (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0591) (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0592) (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0593) - (New) Updated the CPU microcode. - (New) Updated the Diagnostics module to version 04.15.000. <1.81> UEFI: 1.81 / ECP: 1.27 - [Important] Update includes a security fix. - [Important] Address CVE-2020-0548, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2020-0548) - [Important] Address CVE-2020-0549, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2020-0549) - [Important] Address CVE-2020-0543, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2020-0543) - [Important] Update includes a security fix. - (New) Updated the Diagnostics module to version 04.12.001. <1.79> UEFI: 1.79 / ECP: 1.27 - [Important] Addresses CVE-2019-0185 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0185) - [Important] Addresses CVE-2019-0154 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154) Refer to Lenovo's Security Advisory page for additional information about LEN-27714 "Multi-vendor BIOS Security Vulnerabilities" (https://support.lenovo.com/us/en/product_security/LEN-27714) - [Important] Addresses CVE-2019-14607 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14607) <1.78> UEFI: 1.78 / ECP: 1.27 - [Important] Addresses CVE-2019-0151 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0151) - [Important] Addresses CVE-2019-0152 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0152) - [Important] Addresses CVE-2019-0123 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0123) - [Important] Addresses CVE-2019-0124 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0124) - [Important] Addresses CVE-2019-0117 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0117) - [Important] Addresses CVE-2019-0184 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0184) Refer to Lenovo's Security Advisory page for additional information about LEN-27714 "Multi-vendor BIOS Security Vulnerabilities" (https://support.lenovo.com/us/en/product_security/LEN-27714) <1.77> UEFI: 1.77 / ECP: 1.27 - [Important] Enhancement to address security vulnerability CVE-2018-6622. (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2018-6622) Refer to Lenovo's Security Advisory page for additional information about LEN-20494 "TPM 2.0 Sleep-Wake Error in BIOS Firmware" (https://support.lenovo.com/us/en/solutions/LEN-20494). - [Important] Update includes a security fix. - (Fix) Fixed an issue where system might hang up at POST when some KVM device was connected. <1.76> UEFI: 1.76 / ECP: 1.27 - [Important] Enhancement to address security vulnerability CVE-2018-12126, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2018-12126) anticipated to be published 05/14/2019. - [Important] Enhancement to address security vulnerability CVE-2018-12127, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2018-12127) anticipated to be published 05/14/2019. - [Important] Enhancement to address security vulnerability CVE-2018-12130, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2018-12130) anticipated to be published 05/14/2019. - (New) Updated the CPU microcode. - (New) Updated the Diagnostics module to version 04.08.000. <1.75> UEFI: 1.75 / ECP: 1.27 - [Important] Update includes a security fix. - (New) Updated the Diagnostics module to 04.06.000. <1.74> UEFI: 1.74 / ECP: 1.27 - [Important] Security fix addresses LEN-20494 TPM 2.0 Sleep-Wake Error in BIOS Firmware (CVE-2018-6622). Refer to Lenovo's Security Advisory page for additional information. (https://support.lenovo.com/us/en/solutions/LEN-20494) - (New) Updated the Diagnostics module to full version 04.05.000. - (Fix) Fixed an issue where SAMSUNG PM871 SSD might not be detected correctly after system restart. <1.72> UEFI: 1.72 / ECP: 1.27 - [Important] Security fix addresses LEN-22660 TianoCore EDK II BIOS Vulnerabilities. Refer to Lenovo's Security Advisory page for additional information. (https://support.lenovo.com/us/en/solutions/LEN-22660) - [Important] Added Hyper Threading enable/disable option to ThinkPad Setup for virtualized system users in order to address LEN-24163 L1 Terminal Fault Side Channel Vulnerabilities (CVE-2018-3646) Refer to Lenovo's Security Advisory page for additional information.(https://support.lenovo.com/us/en/solutions/LEN-24163) - [Important] Security fix addresses LEN-23848 Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware (CVE-2017-5704). Refer to Lenovo's Security Advisory page for additional information. (https://support.lenovo.com/us/en/solutions/LEN-23848) <1.71> UEFI: 1.71 / ECP: 1.27 - (New) Updated the Diagnostics module to version 04.00.001. - (Fix) Fixed an issue where BIOS silent update might fail with system account. - (Fix) Fixed an issue where the system may not unlock by TPM pin code. <1.70> UEFI: 1.70 / ECP: 1.27 - (Fix) Fixed an issue where BIOS POST might display the error message "Boot Manager recover from an error." <1.69> UEFI: 1.69 / ECP: 1.27 - [Important] Security fix addresses LEN-22133 Speculative Execution Side Channel Variants 4 and 3a (CVE-2018-3639, CVE-2018-3640). Refer to Lenovo's Security Advisory page for additional information. (https://support.lenovo.com/product_security/home) <1.68> UEFI: 1.68 / ECP: 1.27 - [Important] Security fix addresses LEN-19568 Intel Active Management Technology MEBx Access Control Bypass. - (New) Updated the Diagnostics module to version 03.12.003. <1.67> UEFI: 1.67 / ECP: 1.27 - (New) Updated TXT BIOS ACM. - (New) Updated the Diagnostics module to version 03.12.002. - (Fix) Fixed an issue where system might not boot to OS when attached an external monitor and its USB3 devices. - (Fix) Fixed an issue where network boot might happened at reboot after resume from suspend by Wake On LAN. - (Fix) Fix an issue where user cannot enter Bitlocker Pin code by using Bloomberg 4 keyboard. - (Fix) Fix an issue where system cannot boot with USB 3.0 Ethernet adapter or ThinkPad Docks with USB Ethernet device. - (Fix) Fix an issue where Operating System cannot recognize custom ACPI Table. - (Fix) Fixed TPM firmware update issue with TPM 1.2. - (Fix) Fixed a mismatch issue between the Intel(R) ME configuration and FPF fuse settings. <1.63> UEFI: 1.63 / ECP: 1.27 - [Important] Enhancement to address CVE-2017-5715. (Note) Release to the web again after re-evaluation of the solution. <1.63> UEFI: 1.63 / ECP: 1.27 - [Important] Enhancement to address CVE-2017-5715. <1.61> UEFI: 1.61 / ECP: 1.27 - (New) Support interface of TPM firmware update. <1.60> UEFI: 1.60 / ECP: 1.27 - (New) Supported error message for WUFU power check failure. - (New) Updated the Diagnostics module to version 03.11.000. - (New) Enhanced Bottom Cover Tamper detection. - (Fix) Fixed BitLocker recovery issue when PCR5 was enabled as platform validation profile. <1.59> UEFI: 1.59 / ECP: 1.27 - [Important] Update includes a security fix. (Note) If the UEFI BIOS has been updated to version 1.59 or higher, it is no longer able to roll back to the version before 1.59 for security improvement. <1.58> UEFI: 1.58 / ECP: 1.27 - (Fix) Fixed an issue where no boot devices might be shown when Boot Order Lock is enabled after Microsoft SCCM installation. - (Fix) Fixed an issue where POST 191 error might occur when only SVP change is requested by WMI. <1.57> UEFI: 1.57 / ECP: 1.27 - (New) Updated the Diagnostics module to version 03.10.001. - (New) Display PCI LAN device with component name in Boot Menu. - (Fix) Fixed an issue where Handelsbanken USB Smart Card Reader might cause a POST hang. <1.56> UEFI: 1.56 / ECP: 1.27 - (New) Support BIOS update on a specific OS environment. <1.55> UEFI: 1.55 / ECP: 1.27 - [Important] Update includes a security fix. - (New) Updated the CPU microcode. - (Fix) Fixed a POST hang issue when Lenovo T2424z monitor is attached to the system and is selected as a boot display. - (Fix) Fixed an issue where Samsung 18nm memory might occur BSOD. - (Fix) Fixed the issue where the keyboard, trackpoint and trackpad does not work <1.53> UEFI: 1.53 / ECP: 1.26 - [Important] Security fix addresses LEN-13640 Intel Direct Connect Interface Can Be Enabled (Note) If the UEFI BIOS has been updated to version 1.53 or higher, it is no longer able to roll back to the version before 1.53 for security improvement. - (New) Updated the CPU microcode. - (New) Updated the Intel reference code. - (New) Added latest Microsoft revocation file list in the default dbx for Secure Boot. - (New) Changed HDD password retry count for RSE from 5 to 3 to align Lenovo password policy. - (New) Changed SMBIOS Type 3 Enclosure Type from Notebook to Convertible. - (Fix) Fixed an issue where user might get BSOD when applying BIOS Update on the system with Device Guard feature enebled on Windows 10 Enterprise Edition. (Note) Fix is effective at next BIOS Update timing. To apply this BIOS Update package, user needs to disable Device Guard feature temporarily in advance. - (Fix) Fixed an issue where system might hang up at POST with Error code 1802 for EM7455 WWAN device. - (Fix) Fixed an issue where system don't boot from network at Wake on Lan form S5. - (Fix) Fixed an issue where ISO image cannot boot via AMT. <1.51> UEFI: 1.51 / ECP: 1.24 - [Important] Update includes a security fix. - (Fix) Fixed an issue where the computer might not boot when attaching to USB3.0 Hub on ThinkVision T2224z Monitor. <1.50> UEFI: 1.50 / ECP: 1.24 - [Important] Update includes a security fix. - (New) Support SMBIOS reporting option in BIOS setup. - (New) Updated the Diagnostics module to version 2.09.09. - (Fix) Provided a workaround to make the PxE boot display resolution to XGA (1024x768) - (Fix) Fixed to be able to unlock the password at reboot. - (Fix) Fixed an issue where cursor without password prompt might appear at unattended boot. - (Fix) Fixed an issue where the computer might not boot when keyboard with USB hub is attached to USB2.0 port of ThinkPad Dock & USB 3.0 Dock. <1.49> UEFI: 1.49 / ECP: 1.24 - [Important] Update includes some security fixes. (Note) If the UEFI BIOS has been updated to version 1.49 or higher, it is no longer able to roll back to the version before 1.49 for security improvement. - (New) Updated the CPU microcode. - (New) Updated MEBx. - (Fix) Fixed S3 resume hang with NVMe HDP. - (Fix) Fixed an issue where the computer was not booted when ThinkPad USB 3.0 Dock and the USB headset were attached to the computer. - (Fix) Fixed an issue where "Inactive" cannot be saved when discrete TPM is selected. - (Fix) Fixed the number of slots in SMBIOS type16/17. <1.47> UEFI: 1.47 / ECP: 1.24 - (New) Added support of Remote Secure Erase with Intel AMT. - (New) Updated the CPU microcode. - (New) Updated the Intel reference code. - (New) Allow keyboard input during POST logo under Tent / Stand multi-mode usage. - (Fix) Fixed an issue where 16-bit application might not work in 32-bit Windows. <1.42> UEFI: 1.42 / ECP: 1.21 - (New) Updated the Diagnostics module to Version 02.09.08. <1.41> UEFI: 1.41 / ECP: 1.21 - (New) Updated the CPU microcode. - (New) Updated the logo image on UEFI BIOS POST. - (Fix) Fixed Ethernet LAN Option ROM might not work properly with PoE Ethernet Switch. - (Fix) Improved fan speed control method. - (Fix) Fixed an issue where function keys did not work during UEFI BIOS POST. - (Fix) Re-enabled NVMe device support on Legacy Boot which was temporarily disabled on Version 1.40. <1.40> UEFI: 1.40 / ECP: 1.20 - (New) Updated the CPU microcode. - (New) Updated the Intel reference code. - (New) Updated the Diagnostics module to Version 02.09.06. - (New) Temporarily disabled NVMe device support on Legacy Boot. <1.36> UEFI: 1.36 / ECP: 1.19 - (New) System can be turned on without AC adapter even if bottom cover was opened. - (New) Supported Device Guard. - (New) Supported NVMe device on Legacy Boot. - (New) Supported CTRL+ALT+DEL operation by pressing Windows button on screen and Power button simultaneously. - (New) Supported Narrator function enabling by pressing Windows button on screen and Volume Up button simultaneously. - (New) Supported screen capture by pressing Windows button on screen and Volume Down button simultaneously. - (New) Updated the CPU microcode. <1.34> UEFI: 1.34 / ECP: 1.17 - (Fix) Fixed an issue where PXE boot did not work on EFI boot with LAN on ThinkPad OneLink+ Dock. <1.33> UEFI: 1.33 / ECP: 1.17 - (New) Updated the CPU microcode. - (New) Updated the Intel reference code. - (New) Supported Wake by WiGig Dock. - (New) Supported Internal Storage Tamper Detection. - (Fix) Fixed an issue where USB Keyboard did not work on ThinkPad Drive Erase Utility. - (Fix) Fixed an issue where the system did not wake up by Windows button below the screen. <1.15> UEFI: 1.15 / ECP: 1.16 - (New) Updated the CPU microcode. - (Fix) Fixed an issue where PXE boot did not work on Legacy boot with LAN on ThinkPad USB 3.0 Pro Dock or ThinkPad USB 3.0 Ultra Dock. <1.14> UEFI: 1.14 / ECP: 1.14 - (Fix) Fixed an issue where Windows UEFI Firmware Update did not work correctly. <1.12> UEFI: 1.12 / ECP: 1.12 - (New) Updated the CPU microcode. - (New) Updated the GOP driver. - (New) Supported CPU power management functions(C9, C10). (Note) Please use the following driver level for above function. Intel HD Graphics Driver : 20.19.15.4312 or later <1.06> UEFI: 1.06 / ECP: 1.06 - (New) Initial release for ThinkPad Yoga 260 and ThinkPad S1. -------------------------------------------------------------------------------- LIMITATIONS Nothing. -------------------------------------------------------------------------------- TRADEMARKS * Lenovo, ThinkPad and ThinkVantage are registered trademarks of Lenovo. * Intel is a registered trademark of Intel Corporation. * Microsoft, Internet Explorer and Windows are registered trademarks of Microsoft Corporation. Other company, product, and service names may be registered trademarks, trademarks or service marks of others.