Kevin Kean of the Microsoft Security Response Center (MSRC) blog posts an update to the WMF vulnerability. In the article, we are expecting to release a patch on January 10th, during the regular Tuesday patch cycle.
I've disabled the errant .DLL as described in “More information on the WMF Exploit: includes workaround”. While there are a number (four, at last count) of unofficial patches out there, disabling the .DLL is far and away the easiest to reverse when the patch is released.
Want a pragmatic view? Check out Jesper Johansson's comments in “WMF Exploit: Comments by Jesper Johansson”.