03-20-2018 02:47 AM
Lenovo has a lot of different models which is still needs to validate the microcode updates on, so even though your model isn't currently listed, it may appear in a future update of the LEN-18282 security advisory, as that's been getting updated every couple of days this month.
03-24-2018 04:54 AM - edited 03-24-2018 04:55 AM
It's really a shame! Not even the Pro model is listed. If at least the BIOS was not digitally signed, so that we could mod the BIOS ourselves.
But that's what you get for thinking Lenovo is the industry leader. In fact, now they are worse than Dell, HP, and all the other premium brands. I'd really like to use swear words here...
03-24-2018 05:12 AM
03-25-2018 12:11 AM
Funny you should mention that, as I actually do something like that as part of my day job. I published an article at work where I've been tracking the various responses from vendors to the Spectre and Meltdown vulnerabilities. Currently, there are 319 entries listed for vendors, and 39 for industry and government agencies around the world. Personally, I am quite happy with how Lenovo is handling things, especially when compared to, say, Dell or HP.
It will very useful to collect and publish statistics, how quickly different computer companies patch BIOS'es of their models, including old. Many people will use this information to decide, which laptop or MB to buy. I hope, that anyone will implement this idea. Later or sooner.
03-25-2018 05:28 AM
Official responses can differ from the real activity. So (at least for me) the plots with dependencies of percentage of patched BIOS'es on model year and/or CPU, possibly separate for different model groups (top, intermediate, bottom level, corporate segment etc.) will be more informative and useful. There are many specialists in web scraping, volume of data to extract from each site is not very big...