bleepingcomputer[.]com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
Phoenix is one of the companies supplying BIOS chips to motherboard manufacturers, and there's a problem with the code in the chip's firmware that, according to Bleeping Computer, effects "hundreds of models from Lenovo, Dell, Acer, and HP". It's up to the PC/laptop manufacturer to release patched firmware updates -- Lenovo began releasing fixed firmware in May. Make sure you have a backup and follow the manufacturer's directions as exactly as possible -- it's uncommon, but anything going wrong while updating BIOS firmware can potentially brick the device. If the manufacturer has the current BIOS version available as well as the new one, or if the BIOS has an option to save the current version, do so -- if the new version has problems you might want, or have to go back to the old version.