How am I going to explain this to my nontechnical bosses? Or the users? Good heavens, the users! Even if you've managed to teach your users smart surfing behaviors (be careful what you click in e-mail, stay away from dodgy sites, etc.), they're still vulnerable, at least in theory -- and with malware writers racing against that Jan. 10 patch release, you should encourage users to be particularly wary for the next week or so. All users should exercise caution when clicking on attachments even from known e-mail addresses or IM pals. Switching from HTML e-mail to text-only e-mail is also a good idea. Those using the Internet Explorer browser should temporarily disable downloads by changing their browser's Internet Zone security to "high." Firefox and Opera users are prompted before WMF files are opened; these users should be encouraged not to open the files. And for those opting to use the unofficial patch but still needing to explain that choice to others in the organization, SANS has put together a brief explanation in PDF and PowerPoint formats. This information is available at http://isc1.sans.org/diary.php?storyid=1012.