On the Windows 2000 issue..

My desktop PC here is Windows 2000 running Outlook 2000. Outlook can render WMF files embedded in an email message just fine - i.e. not as an attachment, as part of the message body. I guess if you have autopreview then you can infect your PC without even opening the message.

You can also embed WMFs in things like Word documents and other office files. It's been a long time since I've seen DOC files used to carry a malware payload and I guess we're not used to it these days. That'll likely sail past your defences and infect anyone who opens the file.

The thing is that there are just TOO MANY ways that this can get onto your system.

If you are an admin, at the very least you should protect your own PC by deregistering the DLL and installing the unofficial patch. That means that if your organisation does get hit, at least you'll be able to coordinate some sort of response.