Upgrading alone will not remove attackers from compromised instances, and organizations must take steps to detect compromises, remove unauthorized admins, and assess any potential damage.