I was thinking more large corporates with thousands of machines. Windows updates will have a tried and tested and largely automated patch process (because it happens so often). Not so much when trying to patch/update a processor/chipsets. Installing NICs isn't really an option. Even identifying vulnerable machines will be quite a challenge.