Hello Z. Tan,
Thanks you for reaching out to us with this concern. We would like to clarify the points that you have raised.
First, it is important to recognize that the ME 11.7.0.1229 build is a pre-production firmware build. The security advisory that you referenced does state “Versions before 6 or after 11.6 are not impacted.” However, the intended scope of this statement is that it applies to production ME firmware builds that are released through official Intel channels. Intel highly recommends that system integrators do not use pre-production firmware builds in production systems.
Additionally, note that the Intel SA-00075 detection tool is reporting correctly, because the ME11.7.0.1229 build does contain the SA-00075 vulnerability. The SA-00075 vulnerability was resolved for the production release of the 11.7 code branch.
Regards,
Michael