As far as I know, it is enough to keep your system up to date.

In the last nine years, have seen intel-microcode packages updated once every blue moon, probably because my box runs on a legacy (EOL 03/2013) Intel Yorkfield (Core™2 Quad Q9550) processor.

The intel-microcode package is/has been there as part of the installation/upgrades from the start:

~$ apt list | grep installed | grep -i microcode
--- snip ---
intel-microcode/oldoldstable-security,now 3.20231114.1~deb10u1 amd64 [installed]
~$ 

And then there is what you can see here.
Microcode for Intel and amd64 CPUs all the way from up Jesse down to Ceres.

So any time a microcode package gets upgraded, it is made available for you in the Devuan repositories.

You would have to take intentional steps to keep your system apt from actually downloading and installing it.

I may be missing something in your particular case, but in my opinion, keeping your system up-to-date is not an option to consider.
It is something you do.

Best,

A.

I used to never really use microcode updates. However, recently I was exposed to some kind of low level rootkit like malware on my UEFI bios or within the Intel NIC PXE like system.

see:
https://platypusattack.com/

An attacker can use intel rapl to potentially find encryption keys and other secrets. I noticed this when intel_rapl kernel module was not able to be disabled and other conditions where they were trying to maintain persistance. It could effect every linux OS on intel platform post Sandybridge with SGX enclaves built in.

So from now on, I will be utilizing microcode updates to protect myself going forward from these kinds of attacks where SGX instructions are present.  I thought I should share with others so they can evaluate their choice in keeping their microcode up to date depending on their hardware and the presence of intel SGX enclaves instructions.