By now you most probably already heard of the CVE-2021-34527 zero-day vulnerability in all Windows builds since 2003.
While there's a fix being pushed by Microsoft, you might still want to restrict devices in your network to be vulnerable.
These Intune (or Microsoft Endpoint Manager) Remediation scripts might be able to help you resolve the matter for your workstations.
I'll create a more detailed blogpost to describe the usage and explanation behind why 2 remediation scripts, but in case you just want the magic sauce you can collect the scripts here.