I think the fundamental protection is always going to be the firewall that blocks all incoming connections unless you explicitly open a port for a running server.

It's frustrating that the article doesn't have much information about the delivery method for this attack. Is it a remote connection, or you have to run it locally and it escalates privileges?