Bad, But
It's bad and I will be updating my Windows kit as soon as the microcode is available.
But I rate the possibility of this being a No Such Agency backdoor as low. Given that it allows "activation of test or debug logic at runtime" it seems much more likely to be chip developers not removing all the microcode they used during chip development.
Besides, if the US government is correct and Positive Technologies is working for the Russians, they'd keep the vulnerability secret and pass it on.
That said, I'm retired and if they pry my laptop from my cold dead hands they won't find anything more inflammatory than what I post here.