Lenovo issued a public response, saying that it tried to speak to Oleksiuk before he published the flaw to no avail. It corroborated the suggestion that the code was supplied by a third party working from common code that came from Intel. The firm doesn't go so far as to assign blame to the chipmaker, but there's enough to imply that there's a whole heap of fault going that way. Lenovo added that it's investigating the issue and will work with its partners to develop a fix as soon as possible.

There's also a theory that the compromising piece of code might not have been created in error, but placed there as a backdoor. Oleksiuk mentions this just once, in passing, but the Register points out that Lenovo's public statement leaves a few questions. For instance, the manufacturer says that it is "determining the identity of the original author," because it "does not know its originally intended purpose." Although we'd like to think that if the CIA (or its brethren) did write it, it had the sense not to leave any evidence of its involvement.