[Animats]

Intel ME has a DRM app called "Protected Audio-Video Path", which obviously has to be secret.

Which you don't need on a headless server. Which is what the "management engine" is supposed to be for.

[mjg59]

This is incorrect. The management engine is used for a wide variety of tasks, from DRM to providing a TPM to anti-theft code. The AMT functionality (which is where this vulnerability is) is intended for remote management of laptops and workstations. It's usually not present on anything but low-end servers.

[tyingq]

Digital signage boxes probably benefit from remote management too.