Both vulnerabilities potentially allow any program executing on your computer to read any portion of the computer's memory. As long as you have good or reasonable control over all the programs running on your computer, not having a BIOS patch isn't a big problem.
For computers with multiple users all using them at the same time, it's critical you have a BIOS update to go with the operating system update, but for a home user the BIOS update isn't as critical.
The computer running Drunkard's Walk Forum is an example of a computer system that needs its BIOS update, because of the large number of users that need to have their passwords and other data isolated from each other, while also allowing unknown and untrustworthy programs to run at the same time.
For a home user with a single family or single user, the BIOS update isn't so critical because the programs are "relatively well" checked and "trusted", so that an operating system patch will make using the CPU flaw hard enough that security is brought back to what most consider acceptable levels.
There is, however, one HUGE source of untrustworthy programs running on home computers that I think requires an additional patch.
From most home computers' point of view, the web browser is the other major user of your computer and you absolutely must keep the web browser fully patched, but even a fully patched browser also allows unknown, untrustworthy "browser programs" to run, for example Flash and Java, to name only two of a large number.
All these "browser programs", thanks to these two CPU vulnerabilities, have the potential to bypass security and read areas where passwords and other sensitive data are stored.
So I'd recommend finding a web browser that has a patch for the CPU flaw or, failing that, finding a web browser that is fully patched for other flaws and turning off the browser's capability to download and run most other programs from the internet.
For a home computer, a patched OS layer and a patched browser layer should make it nearly impossible for a program operating in the browser's layer or above to use the CPU flaw, even when the BIOS is unpatched.
I'd personally be very careful what I let my Web Browser execute, even after getting a computer without these two CPU flaws.
Really, you should have already had your web browser's security levels set very high, limiting what can be executed.
I know there have been a large number of advertisement-driven websites adding scripts that punish users that stop the loading of all the advertisement programs, but I personally think that websites that do that should be a red flag telling you to stop visiting that site.
It has been demonstrated many times that advertisements, especially advertisements that use a lot of computing resources, are a big vulnerability, and it is wise to stay away from sites that demand a large amount of computing resources for advertisement.
Most security writers won't mention this, because it hits a little too close to home and their paychecks.
The recent round of Bitcoin miners using website advertisement to load a resource-hogging Bitcoin mining program and steal computing resources from hundreds of thousands of web browsers is a good example.
For most people the Bitcoin miner advertisement was an aggravation because it caused a medium to large slowdown in their computers that "run" the advertisement, which persisted until the browser had shut down or, in the case of Chrome, until the computer was rebooted.
I'm fairly paranoid, so this "mining" slowdown really bothers me because I can't help but worry that all those Bitcoin mining programs running in the browser and slowing your computer to a crawl as they "dig" for the few remaining Bitcoins were actually digging for my credit card numbers and bank account info as it passed along my computer's passwords and encryption keys.
hmelton