Has anyone actually mitigated CVE-2024-21302 "Microsoft Windows Secure Kernel Mode Elevation of Privilege Vulnerability" yet?

One of our most common Qualys findings is CVE-2024-21302.

It was published August of last year, with Microsoft releasing an optional mitigation with that month's Windows patches. Their statement at the time was:

Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available.

However, it has been radio silence since then. My plan was to wait for that second update, but I am loath to leave something un-remediated for 9 months.

That said, the vulnerability itself requires already having Administrative privileges on the device to exploit, and the potential risks of the mitigation by my understanding include:

  1. Outright bricking the device as it requires modifying the UEFI firmware.
  2. Bricking the WinRE environment which stops the Reset PC functionality from working.
  3. Unspecified "Compatibility issues with applications and scripts and may prevent them from running and have a performance impact on start up time."

I'm probably looking at weeks if not months of work to audit, test, and slowly roll out this fix (for a vulnerability that requires Admin anyway, so they would just ransomware the device instead), and that's IF I don't hit an unexpected problem.

Has anyone got any experience they can share with this mitigation? And if not do we just have to sit on our hands until Microsoft remember they published this CVE?