"asked Lenovo why this seems to keep happening"
That's why I love El Reg so much.
Security researchers have spotted fresh flaws in Lenovo laptops just months after the vendor patched a bunch of its products. The PC maker has now fixed the trio of bugs, which were flagged up by ESET this week. More than 70 models were impacted by this latest issue, including a number of ThinkBook devices. The vulnerabilities …
...go here (https://pcsupport.lenovo.com/gb/en/) end enter your serial number and then go to the driver & software section. The auto download will find all drivers and firmware updates and install them using their app which will be/can be downloaded, or manually update from the list of available updates. Lenovo may be as shonky as most OEMs, but they do provide pretty much everything you might need to update or repair their kit yourself in terms of drivers and documentation, something I find certain other brands are a lot more reticent about.
(You may need to click the national flag at top right to select your local country)
The X131e (and all Thinkpads) isn't on the Lenovo list of laptops affected by this vulnerability (see link in article).
However, I've also had BIOS/NVME/UEFI updates that have failed on first attempt this year.
I found sequence to generally be reliable:
1. ensure all other updates have been installed
2. disable the AV software so that it doesn't restart on a reboot
3. as local admin, install only one BIOS etc. update at a time.
4. reboot and re-enable AV software.
Only issue I've had is that it has taken a couple of loops around (allow a few days between each iteration) to get the NVME update to install.
It's certainly waaaay better than it used to be under IBM's remit and the early Lenovo days. I remember the P in the A it was to pull together the drivers required for a fresh Windows install (back when it all had to be done manually) on, say, an old T610. Selecting the right network drivers alone was a nightmare - have I got Intel WiMAX 6250 AGN, Intel Wireless LAN (11abgn, 11bgn, 11ac), Intel Wireless LAN (11bgn) or ThinkPad 11b/g/n Wireless LAN Mini-PCI Express Adapter II. Nothing evident on the machine itself. There are also driver selections for Huawei or Leadcore wireless drivers. The driver was also a self-executable that simply extracted all the files to C:\THINKPAD, so no downloading to a thumbdrive, it was download, run all the exe files, then copy to a thumbdrive and hope you had the right ones.
In Lenovo's praise though, they're all still there in the end-of-life section: