If you are like a certain West Coast city government (I'm withholding the identity to avoid placing them at risk of targeted attacks) and you haven't migrated yet from Windows 2000 SP3 because of app compatibility problems, you'll have to fork out upwards of $200,000 to get custom support and, by extension, a patch for the WMF vulnerability.
Microsoft likes to slickly say that they'll continue to provide patches for Windows 2000 but that's not entirely true. Patches are only available for Windows 2000 SP4. Joris Evers mentions some others in a blog entry but still misses the fact that Windows 2000 SP3 users are also left out in the cold.
That's why I recently asked if Microsoft would tell us how many Zotob infections occured on Windows 2000 SP3. I suspect the answer is startling.
UPDATE: Paul Roberts finds Microsoft playing word games with severity ratings and older OS versions.