If I just update Windows 10, is that okay or should I do anything else
further to make the laptop secure. Lenovo does not officially give any
BIOS update, is there any other way the board manufacture issues
updates to BIOS?
Only CVE-2017-5753 and CVE-2017-5754 can be fixed with kernel changes to Windows.
CVE-2017-5715 requires a silicon microcode update, but Intel at least initially, will only provide patches to Haswell and newer products.
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
Intel wants to initially provide patches, only for processors released in the last five years, by the end of January. What happens to older processors is unclear.
Intel boss Brian Krzanich announced at the industry fair CES, to
provide updates for Intel processors of the past five years, which are
to close the security gaps Meltdown and Spectra. 90 percent of these
processors will receive an update within the next seven days, the rest
by the end of January.
Additionally, the software mitigations are more effective on Haswell and newer products, due to their support for PCID.
Recent Intel processors from the generation Haswell (2013) aka Core
i-4000 / Xeon E5 v3 have a feature called Process-Context Identifier
(PCID), which reduces the performance penalty of the meltdown patches.
Software activates PCID via the control register CR4 of the processor
(PCID Enable / PCIDE). Then a 12-bit PCID can be set in CR3 to
distinguish the memory areas of up to 4096 running processes.
Source: Meltdown and Specter: Intel patches processors produced from 2013, confirms performance impact update
Dell will have to update a firmware update in order to update, which includes the Intel provided microcode update, otherwise, you will be at least partially vulnerable to CVE-2017-5715.
