Well the first thing you should consider what the web hosting you are using. If you are on a shared Web hosting, you can not upgrade at all. It depends on your web hosting company to do it.
Usually web hosting companies to control the load of their web servers. If the client is consuming too many resources from their scripts site, they tend to suspend their sites. So if your site is attacked, your web server companies may eventually suspend your site, although this is not a bug in the script. In this case, be prepared to tell them about this vulnerability, so they upgrade PHP installation.
If you are on the Virtual Private Server (VPS), which some people confuse it with a cloud hosting, VPS software usually monitors the load on the server automatically and stop virtual server instance that is consuming too many CPU resources so as not to cause harm to clients with common physical the server.
Usually in a VPS you have root access to the machine / administrator, so you can update your PHP installation yourself.
The same applies to dedicated servers, except that on dedicated servers is up to you to control the load on the server. So if you have a dedicated server that is being attacked, and you’re not monitoring it, you may end up leaving the server CPU fry until it is lit or otherwise ceases to work.
So, basically it is best that you act in advance and upgrade PHP installed sooner rather than later.