Contemporary commodity CPUs have all sorts of features that important customers want [1]. You probably are not an important customer if you don't own multiple large data centers of the sort located next to hydro-electric dams, whose hardware upgrades cause price drops on used high-end Xeons.
The CPU inside a CPU is vulnerable, and it changes with every tick and tock. Windows 7 is pushing 8 years old and was designed around older and almost certainly early-generation Management Engine designs (and perhaps a few down-the-road iterations of it). But it wasn't designed with data from the field about attacks and exploits. Windows 8 is largely a reskinning of Windows 7 and probably has similar vulnerabilities in regard to accessing the CPU in the CPU, if such vulnerabilities exist.
Windows 10 has a somewhat different architecture and almost certainly has been designed considering ME and AMD's spin on it from the ground up, and reflects all those years of experience from field deployments and the CPU vendors' current roadmaps. Importantly, Windows 10 is designed with the idea that future experience will require changing the code.
Anyway, my suspicion is that the internal security model of at least some contemporary chips is considered to have probable or actual vulnerabilities exposed by Windows 7/8, and the business decision is that the most effective way of mitigating those vulnerabilities is simply to not support the consumer use case of buying new hardware and then running old versions of Windows on it.
The business case I am imagining runs along the lines of how much damage would Microsoft suffer if there was a problem versus how much damage it suffers from pissing off a handful of edge case users (considering that the majority of the noise will come from people who don't use Windows).
ME relies on security by obscurity (and hence the motivation of some for open source code). Of course that's not proof.
But I wouldn't rely on a Skylake ME's integrity for a public-IP'd computer if it was running Windows 98, because it can be pwned in ways that a Pentium Pro cannot: replacing the disk drive won't get ownership back.
[1]: example AMT, etc. https://boingboing.net/2016/06/15/intel-x86-processors-ship-...