From Steve Gibson:
Microsoft’s OFFICIAL SECURITY UPDATE leaked onto the Internet early (and it works great!)
It would seem that we can be pretty certain that Microsoft will have this WMF vulnerability mess cleaned up shortly. Microsoft’s cryptographically signed and authentic (though perhaps not final), security update addressing this vulnerability has prematurely leaked onto the Internet.
As expected, Ilfak’s WMF vulnerability suppression patch, and his WMF vulnerability testing utility, both interact smoothly and seamlessly with Microsoft’s forthcoming official security update. Ilfak’s code can be left running while installing Microsoft’s security update, then safely removed forever once the system has rebooted from the update.