I'm a little nervous about the disclosure timeframes here. This post with exploit code was released only ~24 hours after the patch. Would it have been impossible to allow a slightly longer window for long-tail users to update?