Actually the patch microsoft released did correct the "unchecked buffer" vulnrability, but it still leaves the UPnP service installed and running.
UPnP uses two services. One is started by default it is the "SSDP Discovery Service" and the other is the "Universal Plug and Play Device Host". The UPnPDH service is dependant on the SSDP service though.
Even if you and installed the Microsoft Patch you should still disable the services (unless you have a UPnP aware device (toaster, fridge, etc)).
You can disable the services through Control Panel -> Administrative Tools -> Services.
Alternitivly Steve Gibson has released a automatic fix which you can get at:
http://grc.com/UnPnP/UnPnP.htmBTW this vulnerability affects Win ME and *some* versions of Win98.
oglsmm