The good news is that the feature is disabled by default (unlike Intel ME, which is enabled by default on most Intel-based machines), so attackers can’t exploit VISA without first finding a way to enable it.
The bad news is that the Positive Technologies researchers found a way to disable VISA using an older Intel ME vulnerability. Intel released a firmware patch that fixes that vulnerability back in 2017, but unless your laptop maker or motherboard maker has sent your the updated firmware and you updated your system with it, your PC will remain vulnerable.
Emphais mine. As part of our process to neutralize and disable the ME in the versions of coreboot we ship, we not only pull down a recent version of the ME, we also remove almost all of the modules that someone like PT could attempt to exploit.
Based on the information that’s out there currently about PT’s research (it sounds like more details are forthcoming), I don’t think our laptops are vulnerable to this for the reasons I stated above. Beyond all of that, if someone were to attempt to modify the ME (for instance loading an older, vulnerable version of it) to allow for this exploit, you would be able to detect that tampering if you were using PureBoot.