A while back we stopped updating this package, as rapid churn to it for meltdown/spectre mitigation was actually introducing bugs affecting some processors. We asked users to instead update their BIOS to pick up new processor microcode. Now that things have stabilized, we should go back to releasing microcode_ctl, keeping it in step with the kernel. BIOS upgrades are particularly onerous to customers who have live product in the field.
Microcode is only loaded into the processor at early kernel startup if the version in microcode_ctl is newer than what the processor is currently running. There is no danger of accidentally downgrading it below what the BIOS provides.
We are currently providing microcode_ctl-2.1-47.2.el7_6.x86_64.rpm, we should at least move it up to correspond with our CentOS 8 kernel. Some security mitigations may require newer microcode.
stx.5.0 / medium priority - should start updating the microcode package at least once a release