Vulnerability patches for Intel ME are a half-measure and not forward-thinking. Siding with the EFF position, I would like to see Intel officially endorse a ME removal method. To put this problem in perspective, Intel embedded a secret, MINIX-based OS (complete with web server) into their Core-based CPUs starting in 2008, and only conducted a security review of it in 2017 after third-party researchers identified it as highly exploitable in 2016. Intel had already provided the NSA with a method for disabling ME, so it is clear that the risks were well known for years prior to public disclosure. Intel provides a Risk Assessment Tool for some vulnerabilities but it is not clear if they will continue to update it as new vulnerabilities are disclosed.
Vulnerability patches for Intel ME are a half-measure and not forward-thinking. Siding with the EFF position, I would like to see Intel officially endorse a ME removal method. To put this problem in perspective, Intel embedded a secret, MINIX-based OS (complete with web server) into their Core-based CPUs starting in 2008, and only conducted a security review of it in 2017 after third-party researchers identified it as highly exploitable in 2016. Intel had already provided the NSA with a method for disabling ME, so it is clear that the risks were well known for years prior to public disclosure. Intel provides a Risk Assessment Tool for some vulnerabilities but it is not clear if they will continue to update it as new vulnerabilities are disclosed.