The clever man that does IDA Pro has made a patch that disables the vulnerable function in the dll while retaining all the other usefulness of picture rendering in the OS shell. Basically this means unregistering the dll is not necessary.

Can be downloaded here http://www.hexblog.com/security/file..._hexblog13.exe which is nice. It works for w2k SP4 onwards I think - check the page at http://www.hexblog.com/2005/12/wmf_vuln.html