Stuxnet can propagate via the autorun feature, as well as via malformed .LNK files that exploit a vulnerability in the Windows shell. This enables Stuxnet to spread easily on network devices, and more importantly, to piggy-back from machine to machine via removable drives such as USB thumb drives.
Stuxnet can also propagate by exploiting a vulnerability in Windows Print Spooler Service. To guard against this type of spread, apply the patch described in Microsoft Security Bulletin MS10-061.
Additionally, Stuxnet exploits an older vulnerability in the Windows Server service (the same vulnerability used by the Conficker worm). To guard against this type of spread, apply the patch described in Microsoft Security Bulletin MS08-067.
Stuxnet can self-update through a P2P network installed by the worm. This network enables the Stuxnet worm to communicate with other infected hosts. To guard against this, check your firewall and IPS logs for signs of unexpected RPC traffic.
For additional information, see: What is Stuxnet?