There is great customer interest in UPnP, especially as more UPnP-capable devices are becoming available. Folks who don't want UPnP can certainly turn off the service, but just applying the patch is sufficient to return it to safe operation.
We're recommending as a work-around that customers who are worried about this vulnerability disable active scripting, while we develop a patch for this.