Others have covered this (
), but I wanted to weigh in as well. The security advisory walks you through the steps (set HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDNSParametersRpcProtocol to 4 and restart the DNS Server service) in detail.
All SBS customers should implement this change as soon as possible.
All SBS servers run DNS by default.
The advisory also advises that you block "TCP and UDP port 445 as well as all unsolicited inbound traffic on ports greater than 1024". The key word here is
. Obviously, you don't want to block port 3389 for RDP or 4125 for RWW, etc. if you are publishing those services.