Except they only acknowledge that it was a problem because they did it wrong and introduced security issues in the process, not that it was a problem to do it at all. And to the best of my knowledge, the Windows "feature" to read and execute a binary from firmware at startup still exists.