@fedops It seems my policy of not installing the updater at all paid off then - also the copy installed by the IT department at work didn't have the updater installed either, so it seems both were more or less safe. Both have been updated since, regardless.

@LorenzoAncora As far as I understood, it only affected users who used the integrated upgrade function. If you only ever downloaded a new version directly from the site, there was no issue, nor did it affect anyone else except certain targeted groups. So saying all users were exposed is a slight exaggeration, though obviously anyone should still update it.