[dongvsascript]

that's like saying having a flimsy house door lock lying in your kitchen drawer is a security problem.

you have hardware on the cpu no longer accessible by software. you have a mellanox network card the me can't talk to. it's there, in the kitchen drawer. it's no longer in the door -so not a security problem.

the 'issue' requires physical access to the machine, and for you to be logged in with an admin account. if someone is physically sitting next to your server and logged in as root, you have no security anymore. they don't need to break into anything, the can just run what they want already.

someone is in your car with keys in the ignition. you're saying they can steal your car by hacking the entertainment system because it's insecure.

[R0b0t1]

No, this is more akin to having a flimsy plywood door with a plastic lock right next to your real one but acting like you've solved the issue by taping a "please don't use" sign over it.

Intel ME is still there. It is still potentially remotely configurable and remotely updateable. That those features are not advertised is irrelevant, they can be assumed to be there or easily added.

[dongvsascript]

'It is still potentially remotely configurable and remotely updateable.'

and there's the issue. it is literally not remotely anything, since in the stated configuration it is not possible to get to it unless you are physically sitting at your computer and logged in. you are making stuff up and saying the thing you made up is dangerous.

[yencabulator]

Sure, but not using an Intel NIC is supposed to make it already not remote accessible, without all this work.

If ME is still involved in the system, it can still act as an undetectable permanent implant/rootkit, you just need to burn one 0day to reach it by breaking into the x86 part first.