Be Smart About WMF Remediation
Opinion: Look to the network perimeter for ways to block malicious files.One way to remedy Microsoft Corp. Windows insecure handling of WMF graphics files is to go machine-by-machine and unregister the regsvr32 DLL that is at the root of the problem. However, until an effective patch is released or anti-virus vendors release signature files that catch the growing number of malicious files resulting from this vulnerability, another way for IT managers to handle the problem is by using an IDS or firewall to block WMF files. Keep in mind that malicious WMF files are easily changed to evade perimeter protection systems. However, for those sites that are still using unchanged WMF files, perimeter systems may provide a minimal level of protection.
The reason is simple enough: Filtering malicious content at the edge of the network is more cost-effective than making changes to individual machines (or even using Group Policy to change large numbers of systems).