I think I'm beginning to understand the update process.
1. Flaw found in infrastructure. Devs scramble for solution.
2. Devs find a way to fix this but the fix requires OS patching to mitigate the risk first, then the hardware needs an update.
3. Software players send out notifications they are doing Stuff and Things, OS vendors send out updates, people start rebooting servers.
4. Cloud vendors who control their hardware platform deploy CPU/BIOS level updates as they've already patched their systems at the Software Level
5. Intel releases a statement about sending out Microcode updates to vendors who will then patch the BIOS in the hardware to mitigate these vulnerabilities at the hardware level and to remove performance concerns at the OS level.
6. Asus, HP, Dell, IBM, Lenovo send out BIOS updates to consumers and business' to upgrade their BIOS with new microcode given to them by Intel which then assists in the patching done prior.
We have 2 steps here that are needed to be fully patched:
1. OS is patched to take advantage of new and upcoming microcode
2. The BIOS/Microcode itself by Intel.
Step 1 will get rid of the security problems, Step 2 will get rid of the performance problems.