Even assuming that, there could be a massive testing load to ensure that those few lines of code don't mess up something tangentially related, or cause new security issues of their own.
Assuming you just need to add a check for null pointer and that this bug is very critical like hackers are exploiting it, assume engineers create a fix and are 100% it is safe, hopefully there was no other component that was depending on the broken code , how much it will take to fix it,
maybe there is somewhere a history of critical bugs , with the date of when it was found and when it was fixed then we can find the time interval.
The Windows kernel is one of the most mission critical pieces of software in the world. And is easily the most important piece of IP for MS. I'd argue there's no such thing as a "simple fix". I have no doubt even the most trivial of changes has to be very thoroughly vetted.