I read of the Q3 vulnerability notice on ME/SPS/TXE. It links to a vulnerability detection tool that is supposed to scan for vulnerabilities. I just ran it on a desktop computer and it says "Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer)." Why can't you tell me if a system is vulnerable without the driver? A lot of the systems I'm responsible for are old, should I really be seeking out those drivers just to find out if the systems are vulnerable? Aren't these problems specific to certain chips?
edit: WIRED article about the vulnerabilities:
https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/