As the WMF saga continues, SANS is really on top of it, they worked with a programmer to come up with a patch to protect you from the WMF exploit. In addition to the info in Joe's post below, they recommend you install the (a direct link to the exe file that contains the patch AND unregister the dll. There is also a discussion about how to protect your company from the WMF exploits, from most extreme (not use windows!?!?!?! to Disallow email, or strip all attachments from the more secure email server they get access to.)
Is this a precursor of Security threats in 2006????