One of the malware apps we discovered on 2005-12-29 (some days ago!) already had a built-in infection counter at a (hidden) website and we saw the number 233,000. This means, a few days back, some 100,000 PCs seem to be compromised already. Today, the website is still working, and has delivered more than 1,000,000 malware installation files already. With 1+ million PCs under your control, you can do almost everything!
(from WMF Exploit)
If you have a friend who runs Windows, be sure they've taken action. Any application that can show an image is vulnerable, on any version of Windows back to 1990.
I really hope this is the straw that breaks the camel's back for many IT so-called "professionals" that believe that Windows can ever be considered a "secure" operating system. Consider that this is a designed feature implemented as designed. What could they possibly have been thinking to include arbitrarily triggerable code in an image format? What are they smoking in Redmond?