Indeed. But that does make it very worrying as to what extent are the capable baddies going to be able to leverage this? If it’s doable routinely then it can’t be ignored.
What I think we’ll have to have is immediate disclosure of faults. It might be better to switch off rather than stay operating but vulnerable. For system operators, that would be a pain in the arse, and the answer then would be to be able to switch OSes at a drop of a hat. Or switch db engines in an instant. Or web servers. You’d be taking the chance that two OSes don’t have a zero day unfixed for an overlapping period. Or go closed source.