The fact that Microsoft allowed this in an update is not an issue with Microsoft but with FTDI.
It is a potential massive issue with MS.
Unlike the drivers you download from FTDI, which have a warning, albeit hidden on a second page, the MS stuff is installed without express permission.
If someone were to sue, they would sue MS, not FTDI, as it was MS that delivered the malware which broke their hardware.
However where it gets more muddy is showing intent - FTDI clearly had the intent to cause damage, which is not only a civil but pprobally also a criminal matter (in the UK, criminal damage, and Computer Misuse act) .
My guess is MS will not admit whether or not they knew about it, as if they did know, they would also open themselves to action based on intent to cause damage.