No, not "disabled". The dictionary defines disabled as:
"of a device or mechanism : rendered inoperative".
The ME operates on every boot, and at minimum continues to listen for certain power control events. That does not qualify for the dictionary definition, and (at minimum) leaves the possibility of a ME kernel-level exploit being used in the future.
Given that the kernel still runs, and that anyone with physical access to the machine can install god-level invisible malware that will survive OS and hypervisor re-installs, I would not say the threat is neutralized
Then there's the little matter of the TPM not working on "limited" ME platforms. That's a major step backward for high security use cases, especially where you can't install a new hardware TPM.
Biting the hand that feeds IT
