Whenever these things come up I have to point out that most of these manufacturers don't do BIOS updates. Since Spectre/Meltdown we see CPU and BIOS vulnerabilities every few months to yearly.
I know you can patch microcode at runtime/boot, but I don't think that covers all vulnerabilities.
Hence the need for coreboot support.
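The check a defender wants after reading the above is which mitigations the running kernel actually reports, since a runtime-loaded microcode update only covers what the CPU vendor can fix in microcode, and anything still needing a firmware (BIOS/UEFI) build shows up in sysfs as "Vulnerable". The script below is an added example, not part of the original post; it parses Linux's `/sys/devices/system/cpu/vulnerabilities` entries, counts the ones still vulnerable, and also runs over a constructed sample (the sample lines are made up for illustration, not captured from a real machine; the `classify_vuln`, `count_vulnerable` and `report_live` function names are this example's own).

```sh
#!/bin/sh
# Added example: summarize CPU vulnerability mitigation status as the Linux
# kernel reports it. Microcode loaded at boot (e.g. the distro's intel-ucode or
# amd64-microcode packages) cannot fix issues that need new platform firmware,
# and those keep showing "Vulnerable" here even after a microcode update.

# Classify one sysfs line of the form "name: status".
# Returns 0 when mitigated or not affected, 1 when still vulnerable.
classify_vuln() {
    status=$(printf '%s' "$1" | cut -d: -f2- | sed 's/^ *//')
    case "$status" in
        "Not affected"*|"Mitigation:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Count vulnerable entries in a newline-separated list of such lines (stdin).
count_vulnerable() {
    n=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        classify_vuln "$line" || n=$((n + 1))
    done
    echo "$n"
}

# Live report from the running kernel, if sysfs exposes the information.
report_live() {
    dir=/sys/devices/system/cpu/vulnerabilities
    if [ ! -d "$dir" ]; then
        echo "no sysfs vulnerability info on this system"
        return 0
    fi
    for f in "$dir"/*; do
        printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
    done
    # Loaded microcode revision, when /proc/cpuinfo reports one.
    grep microcode /proc/cpuinfo | head -n 1 || echo "microcode: unknown"
}

# Constructed sample (not from a real machine). The "mds" line shows the
# kernel's wording when the CPU lacks the microcode needed for a mitigation.
SAMPLE='meltdown: Mitigation: PTI
spectre_v2: Mitigation: Retpolines; IBPB: conditional
mds: Vulnerable: Clear CPU buffers attempted, no microcode
l1tf: Not affected'

echo "vulnerable entries in sample: $(printf '%s\n' "$SAMPLE" | count_vulnerable)"
report_live
```

Run it as root or any user on Linux; entries reading "Vulnerable" after the distro's microcode package is installed are the ones that need a vendor firmware update (or a coreboot port that ships the fix), which is the gap the post is pointing at.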