Doh!
So it is... that's what I get for just quickly scanning the title of the advisory.
In our environment, there are a lot of faxes sent as email attachment that might be affected by the workaround. I just dug a little deeper and our AV has this one covered. We are covered by three AV products, McAfee, eTrust, and Symantec (belt, suspenders, and duct tape I like to call it) and since there are no yet any mass exploits out there, all systems and clients have a chance to get the latest update before it goes wild.
Something like this can usually be stopped at the firewall with stateful inspection and by blocking the WMF extension but in this case, I think even a renamed file could unleash the exploit depending on the application.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
