Cool waste of time!
Speaking of time, your processor is still """vulnerable""" for about half a second before BIOS loads the microcode. As """vulnerable""" as it would be for the five seconds or so it takes before the OS would have loaded the same microcode into it, if you've installed system updates on any current OS (and most outdated ones too) in the last 3 to 6 months. Thus, risking it and flashing BIOS is only protecting you from exploits in a five second window, where nothing can even happen because you aren't booted into an OS yet. Besides that this bug only matters on large hypervisors really, so if you don't run the servers at Amazon S3 or similar you don't need to patch for this, at all. You might as well get a car alarm for your 1992 Geo Metro, or a full-on armed bank guard service for your piggy bank... nobody is targeting the useless contents of your personal computer, it's far easier to trick idiots with regular worms or fake portal login pages. They want the big high density apartment condos since this lets them see through walls, fiddling with Xray vision in your ranch house where you live alone nets them no cool data.
But it's entertaining to watch everyone chase their tails as if doing something positive. I'm just sad nobody bricked a board yet doing these better safe than sorry voodoo rituals on their flash, and losing their warranty in the process. Don't you think if it mattered whatsoever to have current microcode in BIOS, the board manufacturer would slip a new approved version out so it wouldn't void warranty? They didn't, both because it's unimportant to load it that early (unless it breaks boot handoff to the OS / supports a newer CPU), and the OS providers released patches, so you're already running new microcode unless you intentionally blocked the updates or reverted (to keep your performance). Therefore I bet you morons are benchmarking the same microcode and then claiming no degradation - well yeah you've tested apples against apples of course there is no difference. You've just moved when the patched microcode got loaded by a few seconds, both events happen well before you can even login. You would have to ensure the OS is not loading any new microcode, run "before" benchmarks, flash the hacked warranty blaster BIOS from here and then do the "after", to see a real result. It can be tough to trace which MS KB# installed various microcode versions into Windows in order to revert them, to get an accurate test, but you would have to have done that to test real unpatched microcode (or run the before benchmark last year before any paranoid-panic-OS-vendor-patchfest happened).
You might as well wear full body armor on top of bubble wrap to go to the store, you know, good old better safe than sorry. Also, walk, because driving is more risky than leaving this bug unfixed. But don't cross any streets as that is probably more unsafe than driving. Oh and wear a helmet too, so regular people know you're "insane about safety" (they would only suspect regular insanity otherwise).
