I think you should assume people will reverse engineer patches as soon as they are public. People should treat this like any urgent medical care and address it within hours or days of the patch being available. I don't know much about that area of the industry, but I don't envy it at all. Imagining being the person responsible for a) enabling remote communication, b) allowing updates via remote communication, and c) securing it. What a nightmare situation.