Even if there aren't backdoors, things like this[1] affecting AMD Zen CPUs, where microcode signing keys changed and thus the firmware needs to be updated to allow the new keys, would prevent machines from using new microcode updates.

[1] https://github.com/divestedcg/real-ucode?tab=readme-ov-file#...