Intel has published a whole host of security vulnerabilities, with mitigations rolling out, but attackers will need local access to actually do anything
Intel has recently spotted a whole host of security vulnerabilities in the UEFI for many of its products, which could allow the escalation of privileges to bad actors. It's a problem worth updating your device over when updates are available, but for now, just stay vigilant of who is near your rig.
The highest severity problems on the list register a CVSS score of 8.7 (1.3 off the highest), and these both involve improper input validation, which can enable local code execution. Though local access to your rig is needed, neither 8.7 severity vulnerability involves "special internal knowledge and requires no user interaction".
Moving down to a measly 7.1 severity, one vulnerability has been spotted where the system management verifies a resource, then swaps out that resource to something else before the action can actually happen.
An example of this is checking privileges on a folder, seeing that it is accessible, then swapping that folder for another one, therefore getting into a locked folder without a password or privileged user access. In this case, it uses that access to escalate privilege. Like the rest of the exploits, this requires local access to use.
Intel clarifies it is "releasing" updates to mitigate these vulnerabilities, so we can expect them to roll out to motherboard manufacturers going forward. I've checked through many Intel motherboard manufacturers for updates, and though I've seen some updates after the publishing of Intel's findings (like this MSI Mag Z890M Gaming Plus driver), they don't note UEFI vulnerability fixes. This is to say the rollout doesn't appear to have fully happened yet.
Nonetheless, requiring local access does mean you aren't necessarily in trouble without the update for now. It's always good to stay up-to-date, in case you've found yourself unlucky enough to be found by a bad actor, but for most, it's not a huge deal.
The severity of reported problems isn't purely about ease of use. That 8.7 on the high end is a combination of complexity to use, plus how much it impacts confidentiality, integrity and availability, plus a whole pile of other factors. Severity is a good sign of how serious a problem is, but many problems will be hypothetical in nature.
As pointed out by Intel, "Intel, and nearly the entire technology industry, follows a disclosure practice called coordinated disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available."
Generally, by the time you hear about a problem from the manufacturer, chances are that fixes are already out there, or in the works. Just don't leave it too long before updating your system. A healthy rig is an updated rig.