[cesarb]

That heavily depends on your usage. Most microcode security issues are local-only, so if your use case doesn't require the local execution of arbitrary executable code, all you lost is one extra security layer, which would become relevant only if other security layers (the ones which prevent arbitrary local code execution in the first place) fail.

[Suzuran]

It is my understanding that due to the structure of modern web browsers it is by design that they execute arbitrary code from various sources, be it plugins or updates or whatever, and due to the microcode issue any flaw in any of those was equivalent to a full system compromise at the firmware level and could persist across a wipe/reimage of the machine. My management was not comfortable accepting that risk.