See links below. Priority 1 is positively identifying all of our servers (and they should be) are affected. Priority 2 is then resolution.
This requires dist-upgrades (usually seen as bad magic and dangerous by people) and reboots. This CVE has already been public for a week and has had wide spread media coverage (in the UK at least). If people didn't know it exists, then they do now and that includes cyber thieves whom are expected to be the number 1 bad faith user.