But this doesn't really fix the issue?
It sounds like they've changed their update service to refuse download attempts from vulnerable programmers. But the programmers themselves are still vulnerable to being redirected to a malicious download service ... the CERT advisory confirms they aren't issuing programmmer updates to fix the issue. https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01
That said, I suppose this might get people out of the habit of attempting network updates. Unless of course a failed connection looks the same on the programer as no updates available?
Biting the hand that feeds IT
