Virus writers have released code for a Trojan that exploits a

flaw in the Window Metafile (WMF) image format. Computers running Windows XP

(SP1 and SP2) and Windows Server 2003 systems are vulnerable. Older Windows version

may also be at risk.

Computer security organizations and AV researchers have

released information on the new threat and Microsoft has released a rather

cumbersome workaround. Microsoft has stated it will release a patch on January

10th as part of its normal, monthly update cycle.

SANS has released an unofficial, .MSI installer file fix for the vulnerability that you can download here. I have not tested the file personally, but several AV professionals have and they recommend it.

You can learn more about this threat from the following