Does anyone have (or have any ideas for) a best-practices configuration to address the latest exploit outlined in the US-CERT article referencing the above issue?

The article can be found at This looks to be rather serious and it seems that it could easily fly under most people's radar.

The only protocols I use on my network are DNS and NetBIOS, and port 53 is only forwarded to my internal DNS servers. Still, this could potentially catch lots of folks off guard. I was wondering if someone had already considered ways to mitigate this type of activity.

My primary focus is MS Exchange management and Active Directory, so this is a little out of my bailiwick.