Aside from applying updates, how else can these vulnerabilities be mitigated? Genuinely curious...
As far as I understand:
* In general you cannot.
* You can try to remove ME with non-official tools like https://github.com/corna/me_cleaner
* Some vendors ship specific laptops with ME disabled (https://fossbytes.com/laptops-intel-me-chip-disabled/)
* For servers or desktops, you can plug in a separate PCI network adapter instead of using the one on the mainboard (please correct me if this is wrong or confirm it as I'm unsure about it). That would at least disconnect the ME from the network by default. But anybody could still walk up to your machine, plug a cable into the mainboard ethernet port and own you at the deepest level.