Here is the Microsoft security advisory.
The workaround is to:
Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
After a security update has been released and deployed, you can undo this change and re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%\system32\shimgvw.dll" (without the quotation marks).
This doesn't eliminate the problem, since opening a bad file with MS Paint will execute the malicious code, but it helps somewhat against getting hit by a trojan accidentally as a user surfs the web.
F-Secure has a good blog with updates on the situation.
Update: Microsoft released their patch here.