Just saw Tim's post on the Jan 10th patch. My current client (like a lot of companies I am sure) had a conference call with our TAM today and found out about the Jan 10th timeframe earlier today. They also recommended against installing the 3rd-party patch because they don't know what it does. I'm not totally sure I agree with that. I trust the IST guys and they say it only does what it says it does. But the plan, for now, is to hold off on anything and see what happens. We've got a package ready in SMS that will unregister the DLL so we can send it out if things start going bad. The only thing that makes me feel the least bit comfortable is that our pattern files are pretty up-to-date. Every exploit I've read about so far just uses the WMF to install a known virus/trojan. And as long as the pattern files find those, it *should* be ok. (fingers-crossed).