The core mechanism was actually fixed a lot longer than that. Winbox v3 never downloaded any DLL files from the router since 2014, when it was first released. Only using old Winbox v2 would download the DLL file. It is very important you only use Winbox v3, no matter which RouterOS version you have.
The issue described by Kaspersky consists of two parts:
1) Winbox downloaded some DLL file from a router = Winbox v3 never downloads any DLL files since 2014. It does not download any DLL files from any RouterOS version. Do not use old version 2 Winbox is the safest solution.
2) How the DLL file found it's way into the router in the first place. This is unclear. Many devices lack passwords and firewalls, as we saw recently with a script that attackers use on open devices. We did have a www server vulnerability and fixed it a year ago, if this was the point of entry, it is long fixed (march 2017).
What Kaspersky found is not something new that MikroTik has to fix now. Winbox was already updated in 2014. They discovered the virus only now, this is why it is in the news.
TLDR: You were always safe if you use Winbox v3. Upgrade your RouterOS machine to close a year old www vulnerability, even if it may have not been related to this at all.
