That is just marketing talk, don't fall for it. They can fix security holes via BIOS updates. I would never buy a discrete TPM module for a platform that already has an integrated fTPM 2.0; it's just a waste of money. Most attacks regarding these kinds of vectors would require sitting in front of the device, or already having a heightened level of access to it somehow; an "average Joe" end user simply has a vanishingly small chance of ever becoming a victim of such an attack. Even sitting in front of a computer, there are much easier ways to compromise it, and an attacker will choose the path of least resistance, not a complicated one like an fTPM hack.
As long as there are people opening spam mails and believing whatever is claimed in there, as long as social engineering works a treat, the attackers will always go for the low-hanging fruit first. And for a lot of these complex exploits to work, something else must've gone wrong first, for an executable to be run on the system which will then try to elevate access. By buying a dTPM chip and thus making an unlikely attack vector more secure (if that's even the case), you just end up battening down the wrong hatches. It's much more important to keep all your software up-to-date, like your e-mail program, browser and so on, and Windows itself of course.