Well if you have an AD environment, you can push out the correct patch and removal tool via scripting and group policy. I pushed it out to 7500+ machines inside of 4 hours. The only issues that we have left are those machines that are not part of AD and they were easily tagged as vulnerable using Nessus and the MSRPC_DCOM NASL. (NASL ID 11808).