Ok, I have a simple question as I have little knowledge (trying to learn, though) of administrating a network's security.

How do you protect against this sort of exploit (besides Snort, which would mearly catch the sploit in progress not stop it, if I understand correctly) when there is no patch out yet?

Do you block every website at the gateway and whitelist the websites necessary for work?