I feel like they should do something. I’m not really sure what. Revoking the driver keys seems a little extreme but I’m not sure what else they would be able to do.
My suggestion: remove the malicious driver from Windows Update, push another update to all affected victims that puts them back on the old legitimate driver, and warn Prolific that if they ever do something like this again, that next time the consequence will be revocation.