Patch
I believe most offensive folks are already incorporating automated make-me-admin vuln into their tools, making the chances of a complete domain takeover, automated, highly likely, if an attacker has a minimal foothold in a Windows domain environment.
Let's see the scale of the damage if M$ cannot fix this before years-end.