My advice is pretty exclusively for system administrators and CISOs, and is something akin to ???Patch immediately, particularly the systems exposed to the outside world, and don???t just worry about HTTP. Find anything moving SSL, particularly your SSL VPNs, prioritizing on open inbound, any TCP port.