Not that anyone is surprised or even cares but two more severe bugs have been found in the Intel Management Engine firmware. They allow remote execution with full privileges:
https://nvd.nist.gov/vuln/detail/CVE-2018-3627
https://nvd.nist.gov/vuln/detail/CVE-2018-3628
An article about these vulnerabilities on Tech Republic provides summaries and lists the affected processors.
(Score: 0) by Anonymous Coward on Tuesday July 31 2018, @09:15PM
Intel has been patching old firmwares, sometimes even multiple times... but they only distribute some of them, nevermind all are marked as ready.
Example with two unreleased updates (or three, where is 0x08?) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903141 [debian.org]
So why update them and later keep them? Only for NSA machines?