by devy 3341 days ago

   Security is a cost center and most OEMs run on margins too thin 
   to bother with security patches even if they cared. Most simply don’t care.
I think that sums up pretty well why downstream vendors are treating security casually. So the billion dollar question is, how do we fix this, as a tech community?
4 comments

This is an unpopular position, but approaches like BrickerBot are likely to be effective.
OEMs are not involved at all with ME afaik, it's exclusively controlled by Intel.
OEMs have to ship ME firmware updates; Intel has no way to get them to you directly.
Can't they install an update remotely via this vulnerability? :p
No joke, this would be the best thing for everyone. Especially if we find a way to do it ourselves rather than wait for a vendor to.

I've been thinking for years about writing a virus that patches the vulnerability it used to spread as it goes.

Open architectures are a solution, even if there is no single common solution. Diversity is something we have been missing since Windows became popular, and although security through obscurity is not a strategy, diversity certainly serves well at limiting the scope of damage possible for a single attack.
I'm not sure the tech community is able to fix this, short of the BrickerBot mentioned by another poster. Frankly, I think this situation will only resolve if and only if there are dire financial consequences to OEMs that pay lip service to security.