Intel has now acknowledged a security flaw recently discovered by third party security researchers. Fixes are on the way, but there's a catch, the patches will be coming from your motherboard manufacturer, not Intel.
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.