B85 was the mid-end "Desktop Office" model of 8-Series (first-gen Lynx Point) in Q2/2013, better than H81, not as good as H87/Q87/Z87. LGA1150 Haswell. 9-Series (second-gen Lynx Point aka Wildcat Point) released H97/Z97 in Q2/2014. LGA1150 Haswell Refresh (and Broadwell). 100 Series (Sunrise Point) released Q3/2015. LGA1151 Skylake. 200 Series (Union Point) released Q1/2017. LGA1151 Kaby Lake. Intel is already working on Skylake-X, Kaby Lake-X, Cannon Lake, and Coffee Lake for their 300 Series "mainstream"/"performance" consumer platforms, expected to release Q4/2017.
Your B85 platform is less than 4 years old. But it's also three or four full generations behind Intel's current chipsets.
It isn't officially EOL ("legacy hardware") yet, but it's close - it's no longer actively supported by Intel. In fact, the latest B85-specific microcode updates from Intel were discouraging - they locked out "non-K" overclocking on B85/H87, they disabled TSX instructions, they reduced maximum DDR3 addressing and performance parameters, etc - it seems evident that Intel "encouraged" people to buy H87 (then Z97, Z170, etc) by imposing seemingly-arbitrary limits on "lesser" chipsets. And ASUS doesn't write this firmware, they only let you download Intel's stuff from their own (motherboard) pages.
The most serious bugs/exploits may be corrected in Intel's specific or generic IME and Errata updates, but I doubt Intel will release any 8 Series updates when they're so busy working on newer and newer tech (which they hope you'll buy, lol). If security vs remote attackers/hackers concerns you, then you have little choice but to upgrade to a newer chipset.
FWIW, I run a variety of desktop/laptop PCs at home and work (X99, C236, 990FX, A88X) - all with cryptomodules - and I still don't like the (potential) vulnerabilities from Intel IME or AMD PSP/TEE. In the end, I feel I can still "trust" my ancient Pentium 4 more than the other "vulnerable" machines (although, alas, it languishes unused in my garage workshop, I'm just not tinfoil hat enough to sacrifice all the technotrocities provided by my other machines).
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams [/Korth]
The intel has already send the firmware to oem. So intel has aleady released the firmware for this old chipset. Actually they realeased fixes for the nehalem from 2010. Hp and lenovo already published the fixes. The problem is that Ime has also a lot of fixes for shutdown and restart of the machine that why i want it.
I have the new 22.214.171.12424 update with the security fixes but i dont know if it compatible with my motherboard. Because it is well known that the 9.0.xx.xxxx Ime that is provided from asus can only updated manually in the same branch of the latest 9.0 IME.
To Update it to 9.1 the bios need a rewrite in a lot of motherboards.
I dont know if asus bios is ready for 9.1 ime if someone of asus know the answer please write it so i can update mannualy. I read in another forum tha haswell refresh needed 9.1 ime to work properly, but asus leave it in bios at verion 9.0.