At work, machines are either HP or Dell. Easy to go to their website and download the latest BIOS to update the microcode. Install the OS patch, then use the speculation powershell cmdlet to verify protection - all green. Now what about ancient CPUs like Q6600? What about custom build machines? Gigabyte probably isn't on the ball like HP/Dell with their BIOS updates. And HP will only update BIOSes back to certain generation machines (makes sense; why update out of support models). I'm guessing if you have an older HP machine and HP doesn't update the BIOS for it, then you're SOL? It sounds like just having the KB4056890 installed will not keep you fully mitigated - you need a bios/firmware update too.