
Yes. Lots of large corporations and government agencies point to NIST standards when making purchasing decisions. So until this got officially updated, vendors were obligated to sell potentially insecure products.


There's NIST which publishes the definitions, and then there's FIPS which required the availability of Dual-EC DRBG.

Following FIPS is nontrivial. I've never heard of anyone doing it that wasn't the US government itself, or a contractor, or a stooge like RSA (which made Dual-EC their default crypto RNG).



