Out of interest what is/are the vulnerabilities presented by the NTP (?) patch ?
Its four vulnerabilities, two of them relate to weak cryptography in relation to authentication keys, one is a buffer overflow and one is a function that does not return causing the NTP software to continue functioning when an error occurred.
My understanding is that exploitation of these vulnerabilities would limit an attacker to running code at the privilege level the NTP software is running at. But of course this may be used as a stepping stone if another vulnerability is available on your system that would allow them to escalate to root privileges.
All the average joe can do is be up to date with all reasonable security updates
Indeed, and left unprompted, the average joe doesn't bother to update their software .... so push-notifications by manufacturers isn't such a bad thing as it encourages people to keep on top of things.