There is very little in the either the MS article or the CVE that would say what is actually happening to help us with writing any rules for this. The mitigation steps that MS lists are all pertaining to running a more restricted set of settings in the browser. From what I can tell though it has something to do with ActiveX. You can create a rule that would block ActiveX objects, but that I just a guess based on the little info I have seen.
How to block ActiveX in 7.x ?
I was not found such type (ActiveX) in media type.
in the rule set library that ships with the product there should be a rule set called "HTML Filter". I think it contains rules to block ActiveX. You could use them as a template.