A modern motherboard can update it's BIOS from a USB stick WITHOUT a CPU or memory installed.
Think about that. The motherboard "knows" how to read a FAT file system from a USB mass storage device, verify it's digital signature and flash it with no main CPU or memory.
And also born out necessity, given that many Intel and AMD boards can't be booted with a too new CPU if the BIOS doesn't know about it - not even for flashing a new BIOS - so you needed to borrow an old CPU just for the sake of upgrading the BIOS.
It was originally to solve the issue where if you lost power flashing your bios you’d brick the system irrevocably. Now even if the bios is corrupt and the system won’t boot you can reflash a known good firmware with stock settings to get back up and running.
I think you're talking about the ME but I don't think the ME is responsible for "BIOS" flashing. I think it must be a separate microcontroller. This is kind of the point of the original blog post: don't go looking for "the microcontroller" because there isn't just one; there are many.
Usually this is still host firmware and not a secondary controller, at least on x86 platforms. To detect/use the USB controller you still need to configure the chipset/root complex and do an initial PCIe bus scan to set up PCIe BAR apertures. After that occurs you need a (primitive) USB stack that is able to talk to the USB controller to enumerate the USB devices as well as block storage and filesystem layers. All of this code is implemented as a collection of DXE drivers that implement various UEFI protocols which are initialized in the UEFI DXE phase that runs after SEC and PEI phases. On Intel platforms PEI does things like training the DRAM and PCIe links so memory is always available to DXE. Unfortunately, there's still a lot of code that needs to run to get this to work.
After FW update binaries are located it's not uncommon to write them to a scratch flash and then reset the system. On reset somewhere in the flow the scratch flash is checked for an update and then the hardware sequenced flashing registers in the chipset are utilized to actually flash the firmware. Another reset is performed to boot from the freshly flashed firmware.
There are variations on this flow depending on the firmware implementation and platform/vendor which can simplify it but that is usually the basic idea. Various microcontrollers are definitely employed for other platforms (even on x86, such as the embedded controller though these perform auxiliary tasks to the host firmware rather than the whole thing).
Updating without a CPU installed usually is on the embedded controller itself but that's not a normal update flow IIRC.
Think about that. The motherboard "knows" how to read a FAT file system from a USB mass storage device, verify it's digital signature and flash it with no main CPU or memory.