HP pushed critical BIOS updates through Windows Update that rendered premium laptops unbootable. Users woke up to machines frozen during boot, spiking fan noise, and blue screens of death. And now the company is "looking into the matter."
This is why people don't update firmware.
The affected models are HP's high-end lineup: ZBook Ultra G1a and EliteBook X G1a. These aren't budget machines. They're premium devices aimed at enterprise customers who rely on them for actual work. The broken BIOS versions (01.04.03, 01.04.05 for ZBook; 01.03.11, 01.05.00 for EliteBook) were flagged as critical and automatically deployed.
Users had no choice. The updates installed without user intervention because HP and Microsoft classified them as critical security patches.
Here's what makes this particularly egregious: It's HP's second major BIOS incident. A 2024 update similarly rendered ProBook devices inoperable, leaving customers facing expensive repairs. That wasn't an isolated mistake. It was a pattern.
HP's official response is that they're "aware of purported BIOS issues" and recommend affected users contact support. That phrasing - "purported issues" - is doing a lot of work. The issues aren't purported. They're documented across support forums by people holding expensive paperweights.
Some users found workarounds. Network-based BIOS downgrade functionality worked for those who owned HP USB-C to Ethernet dongles - a $30 accessory that shouldn't be required to recover from a vendor-pushed update. Others are stuck waiting for HP support to roll out fixes or replacement motherboards.
The deeper problem is trust. Firmware updates should be installed promptly because they often patch serious security vulnerabilities. But when vendors push broken updates that brick devices, users learn to avoid updating entirely.
That creates a worse security outcome than having no updates at all. Users with unpatched BIOS are vulnerable to exploits. Users who update when vendors tell them to risk unbootable systems. And vendors face no real consequences for shipping broken firmware beyond bad PR.
HP will eventually fix this. They'll release a working BIOS update, restore affected machines, and issue a statement about improved testing procedures. Then in 18 months, they'll push another broken update and we'll do this again.
The technology is critical. BIOS updates patch vulnerabilities at the hardware level where traditional security software can't reach. They're necessary.
The question is whether vendors take firmware quality seriously enough to justify the trust users need to place in automatic updates. Because right now, the answer is clearly no.
