Microsoft upped the security of Windows Update so it would be very hard to abuse that now.
Very hard, but not impossible.
More important is to make sure the BIOS has flash protection enabled. That puts an end to it.
That's it. But new generations of firmware, like UEFI, are increasing the risk of infection - this is defective by design, because UEFI is meant to freely allow people to do the same work as on a normal OS, i.e. browsing the Internet, watching movies, writing emails. This will lead to more dangerous threats than there are nowadays.
So, we came to a potential solution for securing a PC against BIOS malware - enabling flash protection.
Removing a suspected (but maybe fictitious) infection also seems very easy - completely reflash the entire hardware. Also, the user can copy the existing infected firmware image and send it to an AV lab; maybe they will find something.
But how can we secure other hardware firmware against this type of infection? Older models of HDDs or graphics cards, etc., don't have any flash protection, I bet. Some new hardware can also be devoid of such protection.
Also, we still don't know how to detect such almost perfectly hidden malware. Currently available tools could fail trying to detect it.
So it seems that the easiest way (and the hardest at the same time) is to observe your own PC, hack it hard and, if necessary, develop your own tools for such a task.
This solution isn't what newbies are expecting.