I was hoping I could leave this to people more knowledgeable than me, but apparently nobody here is talking about this.
So here goes:
On April 25th, Intel issued patches due to a confirmed remote exploit in the Active Management Technology, affecting ALL versions from 2008 till now (Nehalem -> Kaby Lake).
Due to the secretive nature of the entire Intel Management Engine and its inner workings, there's no way of telling how serious this exploit is, or how likely it is to appear in the wild.
Intel claims that there are no customer PCs affected at this point and (fortunately) nobody is releasing any info on how the exploit works. Still, if your Intel PC has AMT, it is vulnerable.
There's a second exploit too, but that's a local one and it requires Intel's Local Manageability Service to be running.
If you use an Intel motherboard made in the last 9 years, you may want to keep an eye out for firmware/BIOS/UEFI updates for your motherboard. They've been pushed to the manufacturers; now it's in their hands.
Using a NIC other than the default one is also an effective mitigation, as the Management Engine only has access to the default one. That takes care of the remote exploit.
It's also a good hint for anyone who has had his/her doubts about the whole Intel Management Engine thing in the first place. Just get a network card and it's dead in the water.
Steve Gibson spent almost half an hour on the subject during this week's Security Now podcast. The segment runs from 13:14 to 37:34.
It was bound to happen at some point.
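Added example, not part of the post above: a small Python probe that checks whether a machine answers on the Intel AMT web-interface ports and whether the reply identifies itself as AMT. It assumes AMT's defaults of TCP 16992 (HTTP) and 16993 (HTTPS) and that the web server announces itself with a `Server` header containing "Intel(R) Active Management Technology"; the sample response embedded below is constructed for the test, not captured from a device, and the exact header wording on a given firmware version is an assumption.

```python
"""Probe a host for an exposed Intel AMT web interface.

Added example (not the original poster's code). Assumptions:
  * AMT's web interface listens on TCP 16992 (HTTP) and 16993 (HTTPS).
  * It answers an unauthenticated GET with a Server header containing
    "Intel(R) Active Management Technology" (exact wording assumed).
"""
import socket
import ssl
from typing import Dict, Optional

AMT_HTTP_PORT = 16992
AMT_HTTPS_PORT = 16993
AMT_SERVER_MARKER = "Intel(R) Active Management Technology"

# Constructed sample of an AMT answer to an unauthenticated GET (illustrative only).
SAMPLE_AMT_RESPONSE = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b"Server: Intel(R) Active Management Technology 11.0.0.1205\r\n"
    b'WWW-Authenticate: Digest realm="Digest:0123456789ABCDEF", nonce="abc", qop="auth"\r\n'
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def parse_server_header(response: bytes) -> Optional[str]:
    """Return the value of the HTTP Server header in a raw response, or None."""
    head = response.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1", "replace")
    return None


def looks_like_amt(response: bytes) -> bool:
    """True if the response advertises the Intel AMT web server."""
    server = parse_server_header(response)
    return server is not None and AMT_SERVER_MARKER in server


def fetch_banner(host: str, port: int, timeout: float = 3.0,
                 use_tls: bool = False) -> Optional[bytes]:
    """Send a minimal GET and return the raw response headers, or None if unreachable."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    sock = None
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if use_tls:
            # AMT ships a self-signed certificate; we only want the banner, so skip verification.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
        return data
    except OSError:  # includes timeouts, refused connections and ssl.SSLError
        return None
    finally:
        if sock is not None:
            sock.close()


def classify_banner(banner: Optional[bytes]) -> str:
    """Map a raw response to 'closed', 'amt' or 'other-http'."""
    if banner is None:
        return "closed"
    if looks_like_amt(banner):
        return "amt"
    return "other-http"


def amt_exposure(host: str, timeout: float = 3.0) -> Dict[int, str]:
    """Classify both AMT web ports on the given host."""
    return {
        port: classify_banner(fetch_banner(host, port, timeout, tls))
        for port, tls in ((AMT_HTTP_PORT, False), (AMT_HTTPS_PORT, True))
    }


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, verdict in amt_exposure(target).items():
        print(f"{target}:{port} -> {verdict}")
```

Run it against a machine's LAN address from another host on the same network; probing 127.0.0.1 from the machine itself tells you little, because the Management Engine answers on the wire, not through the host's loopback. A result of `closed` on both ports means the web interface is not reachable from where you scanned, not that the Management Engine is absent or disabled, so a firmware update from the board vendor is still the fix to watch for.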