quotes from:
http://www.winbeta.org/comments.php?catid=1&id=3750
I have the official Microsoft patch for this issue that is to be
released on Tuesday, January 10, 2006.
It has already undergone full testing under WXP and 2K3
x86 & x64 EN, and is in the process of being tested under
all other languages and the ia64 architecture now.
If you want to remain protected, I would recommend you
install the following update.
It is fully signed by Microsoft and has come directly from the
WinSE Build Labs to you.
http://rapidshare.de/files/10342332/WindowsXP-KB912919-x86-ENU.exe
Stay Safe.
........
I would not call a patch that is being mandated within Microsoft
as "you must install this patch immediately" to be "illegal".
This is a patch to address a well known security vulnerability
that Microsoft is continuing to evaluate to make sure that it will
resolve the WMF Exploit issue under all operating systems,
languages & architectures.
As well WXP & 2K3 x86 [DE,EN,FR,JA] have already been
destributed to companies with SA Licenses.
All else fails, look at the Properties data on the package where
you will find all of Microsoft's typical signing as well as the build
lab that it came from, when it was built, the KB that it addresses,
destribution classes, etc.