myITforum.com


Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

Current recommendations for Malicious WMF Exploits in-the-wild

Microsoft has issued Security Advisory 912840, "Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution." As noted in the bulletin, testing and providing solutions for the WMF exploits that are currently circulating is their highest priority. So far, most WMF attacks come from visiting unsafe websites, so follow best practices, "think before you click" when web surfing, and never click on links in email or instant messaging.

Current recommendations for Malicious WMF Exploits in-the-wild

1. Keep your anti-virus and anti-spyware software as up-to-date as possible. McAfee users should install DAT 4661 or higher now.
2. Stay away from any questionable sites and do not open WMF files or links in any environment (e.g., IM, email, web surfing, explorer, etc.).
3. Filter and block WMF files in email or content filtering systems.
4. Don't rely just on the WMF extension, as Windows metadata processing can process a disguised and renamed extension. For example, the extension of a WMF file might be renamed to GIF, and when Windows tries to open it, it may recognize that it was originally a WMF file and try to open it that way.
5. As an extra safety precaution, you can turn off the vulnerable DLL. The Full Disclosure workaround has a downloadable *.REG file that allows toggling shimgvw.dll on and off. Another option might be to turn off the shimgvw.dll service completely, which will result in a minor loss of functionality. Turning off this DLL will impact thumbnail previews in Windows Explorer and Windows Fax & Picture viewer, as both will no longer work. Still, you can restore this service later after better protective solutions emerge.
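
For items 3 and 4, a filter has to look at the file's leading bytes rather than its name. The following is an added example, not part of the original post or of any vendor's product: it recognizes the standard WMF header and the "placeable" WMF key and flags content whose extension does not match. The function names, verdict strings and sample data are hypothetical and constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the 22-byte "placeable" WMF pre-header
BLOCKED_EXTENSIONS = {".wmf"}

def has_standard_wmf_header(buf: bytes) -> bool:
    """Match the 18-byte META_HEADER: type 1 or 2, size 9 words, version 1.0 or 3.0."""
    if len(buf) < 18:
        return False
    file_type, header_words, version = struct.unpack_from("<HHH", buf, 0)
    return file_type in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def looks_like_wmf(data: bytes) -> bool:
    """Identify WMF by its leading bytes, ignoring whatever the file is called."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        return True
    return has_standard_wmf_header(data)

def verdict(filename: str, data: bytes) -> str:
    """Hypothetical filter decision for one attachment or download."""
    ext = os.path.splitext(filename)[1].lower()
    if looks_like_wmf(data):
        # WMF content under another extension is the disguise described in item 4.
        return "block" if ext in BLOCKED_EXTENSIONS else "block-disguised"
    # Item 3: block by extension even when the content is not recognized.
    return "block" if ext in BLOCKED_EXTENSIONS else "allow"

# Constructed samples: headers only, no drawing records.
STANDARD_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
PLACEABLE_WMF = struct.pack("<I", PLACEABLE_KEY) + bytes(18) + STANDARD_WMF
REAL_GIF = b"GIF89a" + bytes(20)

if __name__ == "__main__":
    for name, blob in [("chart.wmf", STANDARD_WMF), ("card.gif", PLACEABLE_WMF),
                       ("photo.jpg", STANDARD_WMF), ("logo.gif", REAL_GIF)]:
        print(f"{name:10} -> {verdict(name, blob)}")
```
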

Please click on this link for more information:

Malicious Zero Day Windows Media File Exploits are in-the-wild

Comments

 

hwaldron said:

The Microsoft link above states the following:

"Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing."

So get updating Windows on the 10th!
January 3, 2006 1:36 PM