@mjg59 @Suiseiseki
What has changed is the addition of an update layer loaded into volatile memory at boot, which can patch, modify or add behaviors. Using microcode updates for mitigations like Spectre does not mean the base microcode ceases to be hardwired, nor that the physical MROM is altered. These updates act on internal volatile memory that dynamically overrides behavior, while the MROM remains intact. Thus, modern CPU microcode operates on two levels: a hardwired base layer and a software layer that adds flexibility without changing the underlying hardware.
It is also important to note that vulnerabilities such as Spectre are not "mitigated" exclusively through proprietary microcode updates. Many effective mitigations are implemented at the operating system level —especially in the kernel— such as retpolines, kernel page table isolation, speculative execution barriers, et cetera.
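Added example, not part of the original post: a Python sketch that reads the Linux status lines under `/sys/devices/system/cpu/vulnerabilities` and separates the kernel-side mitigations the post lists (retpolines, page table isolation, barriers) from controls that rely on CPU support. The grouping of tokens and the sample lines are this example's assumptions, constructed for illustration.

```python
import re
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")

# Assumed grouping (this example's, not the kernel's): controls the CPU must
# expose, on older parts only after a microcode update, versus techniques
# implemented purely in kernel or compiler-generated code.
CPU_ASSISTED = re.compile(r"ibrs|ibpb|stibp", re.I)
KERNEL_SIDE = re.compile(r"retpoline|\bpti\b|pointer sanitization|barriers|rsb filling", re.I)

def classify(status):
    """Sort the parts of one sysfs status line by where the mitigation lives."""
    out = {"kernel": [], "cpu_assisted": [], "inactive": [], "other": []}
    body = status.strip()
    if body.startswith("Mitigation:"):
        body = body[len("Mitigation:"):]
    for part in (p.strip() for p in re.split(r"[;,]", body)):
        if not part:
            continue
        if part.lower().endswith(("disabled", "not affected")):
            out["inactive"].append(part)
        elif CPU_ASSISTED.search(part):
            out["cpu_assisted"].append(part)
        elif KERNEL_SIDE.search(part):
            out["kernel"].append(part)
        else:
            out["other"].append(part)
    return out

def read_live():
    """Classify every status file on this host; empty dict if sysfs is absent."""
    if not SYSFS.is_dir():
        return {}
    return {f.name: classify(f.read_text()) for f in sorted(SYSFS.iterdir()) if f.is_file()}

# Constructed sample lines in the format of the sysfs files (not captured output).
SAMPLES = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: disabled; RSB filling",
    "meltdown": "Mitigation: PTI",
}

if __name__ == "__main__":
    for name, result in (read_live() or {n: classify(s) for n, s in SAMPLES.items()}).items():
        print(name, result)
```

On a Linux host the script classifies the live sysfs entries; elsewhere it falls back to the constructed samples.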