One bug squished, one bug survived.
Unfortunately this is just a case of history repeating itself. When this flaw was discovered the update was released immediately on Mac OS, but three weeks later on iOS, drawing criticism from a former employee for the delay. Unfortunately, that delay for Windows users is approaching two months now, which also seems suboptimal.
To protect against the man in the middle attack that exploits this security flaw, don’t do anything in iTunes for Windows that involves your password (buying music/apps, activating a device), and don’t connect that machine to public wifi networks.