In order for an attacker to exploit CVE-2015-8370, they must not only have physical access, but they must also reboot the machine. Will you notice your machine being rebooted? You should. Will there be logs of the user exploiting the vulnerability? Unfortunately, no. The vulnerability occurs before they system logging function (syslog) is available during boot. But the attacker doesn't just need to reboot - they have to take the system into a recovery mode and install malware.
All of this takes time. The researchers who found the vulnerability show a proof of concept that demonstrates this attack, but I take serious issue with the suggestion that APT attackers will somehow gain physical access to exploit this vulnerability (or that they even need to). So it's not just a reboot you have to miss, but an installation that will likely add at least a minute (possibly several) to your boot time.
But before you run for the hills and drop everything to patch this, note that this vulnerability only helps the attacker bypass the boot loader password. If you don't have a BIOS/EFI password protecting your boot sequence, this doesn't matter. If you don't have a password on the boot loader (GRUB), this doesn't matter. Most organizations we work with at Rendition Infosec don't have BIOS passwords or boot loader passwords on their Linux machines (most of which are servers in restricted access areas). This isn't to say that we don't recommend it. But these are required before you even need to think about this vulnerability. In other words, the attacker can ALREADY do everything in the POC if you don't implement BIOS/EFI and boot loader passwords.
But let's call a spade a spade - if your server reboots and the SOC and ops teams don't notice it, someone probably needs a resume update, don't they?
For those looking for more information on MS15-130, I'll post it tomorrow or early next week. I was getting to many calls about this bug and wanted to set the record straight today.