I would assume security conscious admins have already patched. We patched straight away.
But, if you are exposing RDP directly to the Internet, you probably don't have all of your admin marbles together anyway.
At a previous company, the CEO claimed that putting RDP directly on the Internet was safe, because he didn't use the standard port! It took a bit of arm twisting to get him to use a VPN in front of the RDP service - mainly because he only had a thin-client at home.
At every other company I have worked at, RDP was behind at least a VPN with 2 factor authentication.