Here's an alternative way to fix the WMF vulnerability.Most people in the patch management world would never recommend a patch NOT from the original vendor, but Ilfak isn't just some kid. This is real...
Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system (all pictures and thumbnails continue to work normally).
The fix works by injecting itself to all processes loading USER32.DLL. It patches the Escape() function in GDI32.DLL, revoking WMF's SETABORT escape sequence that is the root of the problem.
Now, we wouldn't normally blog about a security patch that is not coming from the original vendor. But Ilfak Guilfanov isn't just anybody. He's the main author of IDA (Interactive Disassembler Pro) and is arguably one of the best low-level Windows experts in the world.
More details from Ilfak's blog: http://www.hexblog.com.
If you test it, let me know how it works.
UPDATE - I have installed this on my personal laptop and seems to do exactly what it was meant to do. People that are serious about blocking this very danger attack should seriously look at this patch. Even the ISC has given it the go ahead.
They have earned my trust, that is for sure.