Intel CPUs receive updates, including security relevant upgrades, through 2 channels:

• Firmware/UEFI BIOS updates can also update the microcode in CPUs. This is the preferred and persistent way
• the intel-microcode package can patch the microcode in the CPU at boot time, given the kernel is cooperating. This patch is ephemeral and will be lost after a processor hard-reset or power-off.

Is it important to install microcode updates?

UI/UX Design by

We make sure that your target audience has the best possible experience with your digital product. You get:

• Design tailored to your audience
• Proven processes customized to your needs
• An expert team of experienced designers

Read more Show archive.org snapshot

Yes. From the README.Debian.gz in the intel-microcode package:

While most of the microcode updates fix problems that happen extremely
rarely, they also fix high-profile, high-hitting issues

How to install an microcode update?

If one is available and deemed sufficiently stable from Debian's or Ubuntu's perspective, the intel-microcode package is updated and the new microcode is available after the next reboot.

Which microcode version am I running?

Look for the revision in

$ zgrep microcode /var/log/kern.log*
var/log/kern.log.1.gz:Dec 24 13:37:00 random_hostname kernel: microcode: sig=0x50657, pf=0x1, revision=0x5003303
var/log/kern.log.1.gz:Dec 24 13:37:00 random_hostname kernel: microcode: Microcode Update Driver: v2.2.

You can tell if your system has had its CPU microcode patched upon boot if you also get the following line:

var/log/kern.log.1.gz:Dec 24 13:37:00 random_hostname kernel: microcode: microcode updated early to revision $some_revision

Where and how exactly does the microcode update happen?

The intel-microcode package is using a hook in the system's initrd. It will patch the CPU before booting the rest of the operating system.