My quick temporary fix regarding CVE-2017-5689 vulnerability until you can apply a new BIOS update:
Change default admin name account to something random, do not create another admin account:
Is this approach viable if admin account name is unknown to attacker ?
Update 7-05-2017:
This method was confirmed by other professionals to be effective for protecting your computer from remote AMT login !
Renaming default admin name account to something random will protect your computer with AMT active only from other host accessing your AMT computer by LAN or WAN.
It will NOT protect you from login/attack via local interface with LMS access !!!
It is best to use AMT with TLS so connection and traffic will be encrypted and admin name account can't be sniffed !
Remember you are still vulnerable from attack via local interface LMS access !!!
If you are looking for 100% protection then follow Intel advisory and unprovison and disable AMT !
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
Message was edited by: Lucian L.