There is a nice write-up about this on attackerkb. If you're not familiar with it it's a community to provide assessments of vulnerabilities and point out which are worth stopping everything to patch and which are mostly harmless.
It's currently in open beta.
Main site: https://attackerkb.com/
Thunderspy assessment: https://attackerkb.com/topics/mPaHZgsUvk/thunderspy