Intel production microcode revision C6 for Skylake CPUs which addresses L1TF and SSB vulnerabilities has been available since April 17, 2018 even though L1TF was revealed on August 14.

ASUS Z-170 PRO latest version of BIOS (3801) is from April 20, 2018, but it has C2 revision which does not address those two "new" vulnerabilities.

Without firmware support Windows updates for those issues are useless, not to mention that there are no separate microcode update hotfixes for Windows 8.1 like there are for Windows 10 and upgrading to Windows 10 is not an option for me so yesterday I have contacted ASUS support, and I got this reply today:

Dear Valued Customer,

Thank you for contacting Asus, my name is Dimitris and i will try my best to assist you with your current situation.

Regarding the below case, unfortunately there is no official information about the time of the next BIOS release. Please check Asus website periodically and perform all Windows Updates.

In case you are not satisfied by our reply above, please inform us accordingly before filling the satisfaction form.
Damn right I am not satisfied with the answer, it should not take 5 months to include new microcode revision and publish such an important security update.

Also, it should be clearly communicated to customers for how long they should expect security updates for the products they purchased. For me this is the reason I am using Apple phones, even my mom's 5S just updated to iOS12.

Hopefully someone from ASUS management is still reading this forum and can escalate this internally.