How do we know this doesn't also permanently disable the ability to set the HAP bit to disable Intel ME in our processors? Maybe it does something else as well as patch the exploits..
Yeah it's a blob, so you never know. But in this case, if they disabled such feature, wouldn't you be able to see it? What I mean is that if they disable it, you should notice somehow.
Still a blob (eh, Intel) but at least there is a patch.
Didn't they fix it in the kernel?
Yes but you'd need both patches. As far as I understand the issue, there are multiple attack vectors so you need more than a single patch. You'll probably need patches for your browsers and other software too.