diff --git a/README.md b/README.md
index 02fc2fb69..2cf77dee5 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,8 @@ security/tor -- The Onion Router
 security/wazuh-agent -- Agent for the open source security platform Wazuh
 sysutils/apcupsd -- APCUPSD - APC UPS daemon
 sysutils/apuled -- PC Engine APU LED control (development only)
+sysutils/cpu-microcode-amd -- AMD CPU microcode updates
+sysutils/cpu-microcode-intel -- Intel CPU microcode updates
 sysutils/dec-hw -- Deciso hardware specific information
 sysutils/dmidecode -- Display hardware information on the dashboard
 sysutils/git-backup -- Track config changes using git
diff --git a/sysutils/cpu-microcode-amd/Makefile b/sysutils/cpu-microcode-amd/Makefile
new file mode 100644
index 000000000..eacda9643
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/Makefile
@@ -0,0 +1,8 @@
+PLUGIN_NAME=		cpu-microcode-amd
+PLUGIN_VERSION=		1.0
+PLUGIN_COMMENT=		AMD CPU microcode updates
+PLUGIN_DEPENDS=		cpu-microcode-amd
+PLUGIN_CONFLICTS=	cpu-microcode-intel
+PLUGIN_MAINTAINER=	franco@opnsense.org
+
+.include "../../Mk/plugins.mk"
diff --git a/sysutils/cpu-microcode-amd/pkg-descr b/sysutils/cpu-microcode-amd/pkg-descr
new file mode 100644
index 000000000..cdf882f5f
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/pkg-descr
@@ -0,0 +1,6 @@
+Updating your microcode can help to mitigate certain potential security
+vulnerabilities in CPUs as well as address certain functional issues that could,
+for example, result in unpredictable system behavior such as hangs, crashes,
+unexpected reboots, data errors, etc.
+
+The microcode update will be loaded when the system is rebooted.
diff --git a/sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode b/sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode
new file mode 100644
index 000000000..c7cbf86a3
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode
@@ -0,0 +1,2 @@
+cpu_microcode_load="YES"
+cpu_microcode_name="/boot/firmware/amd-ucode.bin"
diff --git a/sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode b/sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode
new file mode 100755
index 000000000..4dab1e32c
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+export microcode_update_enable="YES"
+
+/usr/local/etc/rc.d/microcode_update start
diff --git a/sysutils/cpu-microcode-intel/Makefile b/sysutils/cpu-microcode-intel/Makefile
new file mode 100644
index 000000000..bd0f7384c
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/Makefile
@@ -0,0 +1,8 @@
+PLUGIN_NAME=		cpu-microcode-intel
+PLUGIN_VERSION=		1.0
+PLUGIN_COMMENT=		Intel CPU microcode updates
+PLUGIN_DEPENDS=		cpu-microcode-intel
+PLUGIN_CONFLICTS=	cpu-microcode-amd
+PLUGIN_MAINTAINER=	franco@opnsense.org
+
+.include "../../Mk/plugins.mk"
diff --git a/sysutils/cpu-microcode-intel/pkg-descr b/sysutils/cpu-microcode-intel/pkg-descr
new file mode 100644
index 000000000..cdf882f5f
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/pkg-descr
@@ -0,0 +1,6 @@
+Updating your microcode can help to mitigate certain potential security
+vulnerabilities in CPUs as well as address certain functional issues that could,
+for example, result in unpredictable system behavior such as hangs, crashes,
+unexpected reboots, data errors, etc.
+
+The microcode update will be loaded when the system is rebooted.
diff --git a/sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode b/sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode
new file mode 100644
index 000000000..976a36fa5
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode
@@ -0,0 +1,2 @@
+cpu_microcode_load="YES"
+cpu_microcode_name="/boot/firmware/intel-ucode.bin"
diff --git a/sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode b/sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode
new file mode 100755
index 000000000..4dab1e32c
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+export microcode_update_enable="YES"
+
+/usr/local/etc/rc.d/microcode_update start