Microsoft has released a patch for the WMF bug ahead of schedule. Per Ken Camp:
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Published: January 5, 2006Version: 1.0
SummaryWho should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
From Ken – GO PATCH
Ken has a link to the patch page. You should also have the patch available from automatic updates if you have this enabled for your OS. Remember to uninstall the third-party patch, first, if you installed this. You can do this through the Program add/remove from the Control panel.