Short term solution on VU#906424:
icacls c:\windows\tasks /remove:g "Authenticated Users"
icacls c:\windows\tasks /deny system:(OI)(CI)(WD,WDAC)
Tested and blocks 0day, changing these rights may result in unexpected behavior in scheduled tasks.
@USCERT_gov
OK, my testing was flawed. The machine that I was working on had already been compromised at some point using the exploit. Therefore, the tests were invalid. Those icacls commands do appear to block this exploit. What's not clear is the collateral damage by doing so.