The CPU has a burned-in microcode. It can be updated after the CPU is booted, but the updates are only written to RAM and lost on shutdown.
Usually the system firmware will include a recent-ish microcode and automatically update on boot. Many OSs also bundle microcode updates and install them on boot.
Usually the system firmware will include a recent-ish microcode and automatically update on boot. Many OSs also bundle microcode updates and install them on boot.