Has Intel offered an official "disable ME" patch? I'd like to close the door once and not worry about it again.
There are no official ways of disabling the ME.
The Coreboot project and the Hardenedlinux project have worked on it, and here are some resources on their progress:
https://hardenedlinux.github.io/firmware/2016/11/17/neutrali...
https://www.coreboot.org/Intel_Management_Engine
And here is a general writeup on the Intel chips and their "features": https://libreboot.org/faq.html#intel
If Intel aren't going to patch old systems, here to hoping that they will let us disable it, but it probably won't happen.
There is a Python script that can take a BIOS image (either from a vendor or scanned from a running system) and remove all ME components that are not absolutely required to operate the CPU. I have never tried it.