01-09-2018 06:52 PM - edited 01-10-2018 02:03 PM
The Lenovo Support solutions article LEN-18282 lists some systems and the status of BIOS updates. But there are many systems not listed. I'm wondering about a BIOS update from my IdeaCentre K450 desktop.
01-12-2018 07:21 AM
After some heavy-handed moderation on another Lenovo forum, I'm going to ask here.
When will I see a BIOS update for my G50-45 laptop (type 80E3016QUS)? It doesn't appear on any published list.
01-13-2018 11:41 PM
The Lenovo Support solutions article LEN-18282 lists some systems and the status of BIOS updates. But there are many systems not listed. I'm wondering about a BIOS update from my: Lenovo IdeaCentre Q190 Desktop.
Lenovo Q190 Desktop (ideacentre)
01-14-2018 01:51 AM
The End of Life list can be found at https://download.lenovo.com/eol/index.html.
Is there a list of products out-of-support? I'm wondering if my W520 will get a BIOS update
01-15-2018 09:15 AM - edited 01-15-2018 09:15 AM
Your W520 is on the list of systems that will be patched.
01-17-2018 01:45 AM
What about systems that are listed neither in https://download.lenovo.com/eol/index.html nor in https://support.lenovo.com/us/en/solutions/len-18282?
E.g., Lenovo Yoga 2 Pro.
A bunch of rushed patches by, at least, Intel, Microsoft, and Ubuntu, have bricked the systems.
So I don't want to fearmonger and hurry anyone, but it would be nice to have a proper (even approximate) timeline of BIOS updates. Or at least know for sure that it is not coming at all.
01-17-2018 02:54 AM - edited 01-17-2018 02:58 AM
The LEN-18282 advisory seems to be getting updated every couple of days right now, so the best suggestion I have at this point is to keep checking it for updates.
As best as I can tell, Intel seems to be rolling out the patches for the Meltdown and Spectre vulnerabilities starting with their newest CPUs first, and working their way backwards towards older models, according to this statement:
For Intel CPUs introduced in the past five years, we expect to issue updates for more than 90 percent of them within a week, and the remainder by the end of January. We will continue to issue updates for other products thereafter.
However, there also has to be time to formally verify that the patches work. We've alread seen patches withdrawn by Dell, Lenovo and VMware (amongst others) because Intel subsequently found out they were buggy, and I think everyone's trying to avoid having to re-release a patch multiple times because of quality issues.
In the meantime, keep all your other software up to date (operating system, security software, web browser, drivers, etc.). For example, Nvidia and AMD have both stated that their GPUs are not vulnerable to Spectre (Meltdown is Intel-specific), but Nvidia recently released some security updates for their device drivers under Windows because their software was vulnerable, etc.
My day job (I'm a volunteer here) is in the computer security field, and I've been carefully watching how this evolves. To date, I have not seen any evidence of attack code exploiting these vulnerabilties in the wild, so from that perspective, we're more in the prescriptive advice and guidance phase, where the information compromise level from the vulnerability is high, but the risk of it happening, right now, is low.