How is it possible for an app running in Windows to have control over the BIOS? Windows itself should not be allowed that level of access to the hardware, and it is extremely troubling if it does. Your BIOS is embedded in the motherboard and runs independently of the OS, and it is very important for it to stay that way.
If a Windows app can make these changes, then what exactly is supposed to be stopping a virus from flashing itself permanently into the motherboard?
What is preventing Windows from, for example, forcing your motherboard to brick itself if you try to install linux? It should be fundamentally impossible for any OS to be allowed that level of control over your hardware.
Every OS allows you to directly update the firmware from it. I get occasional firmware updates for my laptop from ASUS through Windows update and firmware updates from Dell for my XPS 13 from Ubuntu's apt repo. You can't expect everyone to be able to update their firmware by sticking it on a thumb drive, going into the firmware settings, and updating from there. Especially in a corporate setting when people don't normally have access to the motherboard firmware and IT can't access the computer unless an OS is running. And you can't expect people to turn in their computers for a firmware update since that means downtime.
The only thing that's preventing something wrong from happening is it requires admin privileges to do this. Which you know, I hope you're not blindly clicking OK on the UAC prompt every time it comes up.
EDIT: Additionally digital signatures make it hard for people to spoof the firmware. This is why Microsoft has been pushing the TPM requirement hard. So even if you uploaded malicious firmware, if it doesn't have the right digital signature, the computer's going to fail to boot.
And hopefully there's a back-up on the motherboard it can fall back to.