(Note: Microsoft doesn’t recommend that people use this patch)
Ilfak Guilfanov who is being billed as one of the foremost experts in Windows low level technology has released a temporary/interim patch for Windows that’s NOT from Microsoft.
EXE file: http://castlecops.com/article-6436-nested-0-0.html
(MSI file located here: http://handlers.sans.org/tliston/WindowsMetafileFix.html)
Technical details:
"This is a DLL which gets injected to all processes loading user32.dll. It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore."
Once Microsoft releases an official patch, or if the above doesn’t work, you can uninstall it from your Add/Remove Programs menu. It’ll be listed as "Windows WMF Metafile Vulnerability HotFix".
The Internet Storm Center gives this patch its stamp of approval:
——————————————————————————–
We have very carefully scrutinized this patch. It does only what is advertised, it is reversible, and, in our opinion, it is both safe and effective.
The word from Redmond isn’t encouraging. We’ve heard nothing to indicate that we’re going to see anything from Microsoft before January 9th.
The upshot is this: You cannot wait for the official MS patch, you cannot block this one at the border, and you cannot leave your systems unprotected.
Kurt Shintaku's Blog 