I finally made it through the article and the one referenced from Blackhat 2008. While I do not fully understand Intel architecture, it seems like this is quite real, but not as scary as it sounded. You would have to do quite a bit of recon and then write some simplistic drivers and interfaces for each function of your rootkit, such as keyboard trapping and network I/O. Like the papers state, this makes it a very targeted attack at this point. Looks like Intel is slowly but surely patching these vulnerabilities. I am guessing that if they completely drop the ball here, you are going to see people writing some automated tools to exploit these.
Former33t, you would have to escalate privs from ring 3 in order to gain access to the SMM RAM areas. There are a number of exploits in Windows and Nix that some can take advantage of for this purpose.