I don't believe that making a microcode update available makes the situation
worse. An earlier version is a non-free component of the system anyway.
I believe, that it might well worth to provide the possibility to update it.

I think it would be beneficial, if we got a singned blob for that,
because you implicitly trust for example intel by buying their cpu,
so a blob signed by them could also be trusted.

The second thing that comes to my mind is to have a free tool to perform
the microcode update, so that we can inspect, that nothing else on the
system gets modified.

I'm not very much into the microcode update stuff, but I think, that given
the two assumptions
I mentioned, it would be safe to provide these updates without compromising
freedom
and security more than what the current situation is.