This is interesting. SANs just posted a presentation (PDF file and Powerpoint) on the WMF exploit.
It does a really good job of explaining how this thing works. If you feel a bit unclear on it, check this presentation out. It makes it quite clear.
The full SANS article link here.
In a week, this thing will be patched and all will be (hopefully) better. But in the meantime, the temporary hotfix is a fine solution, along with unregistering shimgvw.dll. We are hosting the hotfix on our servers in case you’re having a hard time getting it. Also, Ilfak (the creator of this patch) is temporarily living at CastleCops as his server went down from overwhelming traffic.
Of course, antivirus protection is essential these days, and if you’re on a budget, you can always get one for free. Read my article on cheap and free security tools here.
Alex Eckelberry