It is still a mystery to me how it is possible. See the post about this happening to someone else: https://www.dell.com/community/XPS-Desktops/Windows-10-2004-Upgrade-Gone-Bad-No-Boot-XPS-8900/m-p/7656237#M52226

Thanks for the link to the other thread, I will go check that out...

@AZBigdog   - I queried my Dell tech contacts why Windows Update is offering BIOS updates for the XPS 8900.

Did Windows Update give you a Yes/No option for the BIOS update or did WU run it without asking? Critical question for various reasons...

@RoHe I believe there was an option. Although skeptical I did go for it as I assumed it would then allow the update to 2004 (which I'm still waiting on). So far no other issues (knock on wood) 

Dell is only responsible for a failed BIOS update on a PC that's under warranty, if a live Tech Support Agent told the user to update BIOS. If an agent didn't recommend the BIOS update, Dell will only replace the motherboard one time, even if the PC is under warranty. SupportAssist does not count as live Tech Support.

The XPS 8900 is surely out of warranty so a BIOS update failure is only covered if a live Support Agent instructed the user to run the update. SupportAssist does not count as live Tech Support. 

Read Dell's entire BIOS Update policy here...

Why the rush for v2004? It's still got lots of bugs that Microsoft hasn't fixed yet...

Thanks for the info about BIOS update options. If it were my PC, I'd decline every offer from Windows Update to update BIOS, and then do it myself manually, outside Windows from a USB stick.

YRMV!

My XPS 8930 system has been running fine with the latest 2004. I never got a notice for a BIOS update from Windows. I did get a notice from Support Assist that there was a new BIOS. I installed it and no problems. It shows a security update and is a important update. If it does brick a system Dell should be responsible. You have to be very careful with BIOS updates. Close as many programs as possible and do not use your computer while it is updating. And I think there is a way to update outside of Windows with a USB?

@RoHe Apparently Windows 10 update is offering BIOS updates in some cases. This is scary because updates can only be deferred for a certain amount of time before you are forced to update. Here is a YouTube video showing Windows update offering a BIOS update on a Dell machine: https://www.youtube.com/watch?v=KjCLIF9KXuo

@Vic384  - Philip Yip, whose youtube you linked, is a Dell Rockstar and a regular contributor here.

IMO, being forced into doing a BIOS update isn't a good idea, given Dell's BIOS update policy. 

@RoHe Dr. Yip is also a Microsoft MVP. I agree that BIOS update via Windows update is not a good idea, in fact, it is a stupid idea. I don't know what Microsoft is thinking.

FWIW, my XPS 8930 has SMBIOS 3.1.

I raised this issue a year and a bit ago when I noticed my OptiPlex 7050 auto-update the UEFI BIOS Update from Windows update. I never got a response.

As far as I can tell, Dell Update (if installed) is more likely to find the UEFI BIOS Update and automatically download it and then apply it. Dell likely submit the update to Microsoft around the same time and it gets added to Windows Update and installed a couple of months later. This is perhaps true with all driver updates with the OEM Driver Update applications likely to only be slightly ahead of Microsoft in most cases (if at all). I think Microsoft probably will try to push UEFI BIOS Updates before updating Windows 10 to the latest mainstream build as the UEFI BIOS Updates can resolve some Boot issues.

Also it isn't a Windows only issue, OEMs have began using services such as Linux Vendor Firmware Service (LVFS) so Ubuntu 20.04 and most other modern Linux distributions will also automatically update the UEFI BIOS using their update service. I am finding comments on my guides, particularly for newer systems for both Windows and Linux where users had boot issues trying to install an OS and this was resolved with a UEFI BIOS Update.

The UEFI BIOS auto-updating is in most cases more useful than not as sometimes newer builds of Windows or Linux require the UEFI BIOS to be up to date to allow the OS to boot properly. Under the hood this may be due to Security Firmware Updates for Intel Management Engine Interface, UEFI BIOS Guard and Secure Boot in particular. 

Dell systems with a System Management BIOS (SMBIOS) of Version 3.0 or higher have a number of improvements in the UEFI BIOS setup over earlier UEFI BIOS systems. The SMBIOS corresponds roughly to the age of the hardware (and is not updated unless basically you get a newer PC and newer hardware). The SMBIOS Version of 3.0 corresponds to Intel Skylake so I would guess the XPS 8900 also has a SMBIOS Version of 3.0.

1.) First is the ability to update the UEFI BIOS directly within the UEFI BIOS Boot Menu from a FAT32 formatted USB Flash Drive. This will work with Secure Boot Enabled.

Systems have a SMBIOS of 2.4-2.9 had to use a FreeDOS Bootable USB.

2.) With this mechanism comes the ability to auto-recover the UEFI BIOS from either an internal hard drive or USB Flash Drive.Details about this setting can be seen in Maintenance and BIOS Recovery. 

Essentially during a UEFI BIOS Update, the UEFI BIOS Update gets stored onto a specific location in the Hard Drive. If the UEFI BIOS Update fails, the setup will look for this file and automatically try reflashing. This setting requires an AHCI drive configuration (not sure if bitlocker or other encryption will prevent it from accessing the file). Perhaps a small temporary recovery partition is made. If not a FAT32 formatted USB Flash Drive with the UEFI BIOS Update can be plugged into the system and the UEFI BIOS should be able to automatically recover from the UEFI BIOS Update.

3.) It appears that you can disable the automatic updating of the UEFI BIOS within the UEFI BIOS setup. Go to the Security tab and look for UEFI Capsule Firmware Updates. You should be able to uncheck the setting to Enable UEFI Capsule Firmware Updates.

4.) Downloads.Dell.com has been retired. This used to be heavily linked to drivers and downloads. I used to however use this more than Dell Drivers and Downloads as it was easier to find older versions of things like the UEFI BIOS. Looking at the OptiPlex 7040/7050 and 7060 the Drivers and Downloads page have the latest UEFI BIOS Version that corresponds to those on my systems which are on the Developer Track of the Windows 10 Insider Preview. The last update on the XPS 8900 is however 2.6.1. It looks like Dell has forgotten to add it.

I haven't tested all these autorecovery mechanisms on the OptiPlexes. I did test some things on a XPS 13 9365 and it ironically bricked the motherboard during an attempt at using BIOS Recovery. This system was under warranty (at the time) and Dell replaced the motherboard. However this model had a touchscreen style UEFI BIOS Setup. Later touchscreen XPS models don't have this so I will assume it was a non-standard UEFI BIOS Setup. I don't really see Dell offering support/replacing a motherboard for a system out of warranty.

“BootHole” Vulnerability in GRUB2 Bootloader Affects Billions of Windows and Linux Devices

The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled.

https://nvd.nist.gov/vuln/detail/CVE-2020-10713

I am not sure what the Boot Hole vulnerability has to do with the XPS 8900 BIOS update issue, but here is another article about the Boot Hole vulnerability: https://arstechnica.com/information-technology/2020/07/new-flaw-neuters-secure-boot-but-theres-no-reason-to-panic-heres-why/

According to the article, the severity of the vulnerability is offset by a few things, the attacker must have administrative rights over the computer or physical access to the machine. 

@Philip_Yip 

I don't like that Microsoft is pushing UEFI BIOS updates via Windows update. Unlike OS updates, BIOS updates risk bricking your motherboard. In addition, I know of no Windows 10 update that has required a BIOS update.

1. I do not know the version of the SMBIOS in the XPS 8900, but I have an XPS 8910 and the version of the SMBIOS is 2.8, so I assume the version in the XPS 8900 is older or the same.

2. I am pretty sure that the XPS 8900 (8900, 8910, 8920, 8930) series computers do not have in the BIOS the ability to disable automatic updates of the UEFI BIOS.