As many of us early adopters have been moved to legacy status I am making this pretty simple guide. None of the ME firmware available in the BIOS files posted here are vulnerability free. For those of us deprecated years ago, the list is LONG.
 
There are tons of vulnerabilities. If your ME Firmware is not up to date, here is a list of such vulnerabilities. Check the publish date of the latest ME updating BIOS for your card and that's a good estimate of how many are left unpatched.
https://www.intel.com/con...1784/technologies.html
 
You can see if you are vulnerable with this file, then again after updating to see that you are free from known trouble.
https://downloadcenter.intel.com/download/28632
 
Here is a link where you can find further links to the right thread with the current firmwares for various chipsets of the last 7 or 8 years. Make sure you get the firmware for your specific chipset. Someone had a corporate board and failed flashing.
https://rog-forum.asus.com/t5/hardware-build-advice/index-all-my-firmware-drivers-software-threads/m-p/827232
 
Find the download you need (comes with the official Intel ME FW and patcher). Right click start, click device manager, and make sure under system settings you have your current or newer Intel Management Interface installed. If not, check if Windows will install/update it for you or go grab it from EVGA downloads.
 
I had no issue, but consider being sure your vital data is secured if you use virtual TPM, such as a system image or duplicate files on another drive. I run BitLocker on my OS drive with the ME's virtual TPM and had 0 issues booting after patching, but I have dual bios and my recovery key on hand, and learned the FW patch enters an area of BIOS reserved for it so didn't have 2nd thoughts about going ahead and backed up nothing. Up to your discretion. 
 
Extract the files and run install.bat as admin. Do not lose power or shut down! After a moment, boom, holes filled. Reboot. For me on Z170 Classified K, the number of holes was 9. BIOS 2.06 from Jun 2019, but ME FW of April 2019 as verified by AMIBCP. BIOS intact, now with ME FW 11.8.93.4323 and no known holes more.
 
Finally, enjoy your sense of security!
 
 


 

Anewbis
 
Finally, enjoy your sense of security!
 

Thank you for this.  x299 Dark patched.
 

Thanks! Worked great on X299 Dark. 

Just an update to this thread - there's a newer CSME Version detection tool (v.9.0.1.0) available at the link provided above.
 
There are new vulnerabilities detected when running the new tool with the x299 ME Firmware listed since the original post (was v.11.12.93.2323).
 
Newer ME Firmware is available at the link provided above (Firmware : 11.12.94.2479 [04/01/2023]). Rinse & Repeat.
 
I just did the update on my x299 Dark and all is well.
 

Update:
 
There's a new CSME tool version 10.0.0.0.
 
Also, latest ME Firmware for x299 is v.11.12.95.2499.
 
Links above are all still valid and point you where you need to go.

How to apply this for X299? and will it drop performance?

Is it possible to downgrade ME to before mitigations?

I haven't experienced any issues with performance.  Main benefit is fixed vulnerabilities.
 
Latest ME firmware for x299 is updated again - v.11.12.96.2535 [11/12/2023]