http://www.pcmag.com/news/345828/lenovo-pcs-hit-with-another-bug

"A security flaw that affects the BIOS of multiple Lenovo computers remains unpatched nearly a week after an independent security researcher discovered it.

The flaw, which could enable arbitrary code execution, affects the ThinkPad system management mode (SMM), according to a post on Github by a person who identified himself as Dmytro Oleksiuk.

By running arbitrary code in the SMM, a hacker could disable flash write protection and bypass the secure boot-up feature of Windows 10's Enterprise edition, among other actions, according to Oleksiuk. He wrote on June 30 that he confirmed the vulnerability on several Lenovo laptops, from the ThinkPad T450s to the olderThinkPad X220. The possibility for remote code execution could be present in the firmware of other manufacturers in addition to Lenovo, he added.

In a security advisory posted to its website, Lenovo said it confirmed the BIOS vulnerability that Oleksiuk posted, and is still working to find a solution."