Unless you don't update AV definitions, this is a nonissue. The AV definition files dated 5/16/16 rev24 included an updated av engine component that fixes this vulnerability. By the time I heard of this issue, our SEPM server had already downloaded the defs with fixed engine and 3/4 of our enterprise was already up to date.

The SHA-1 hash is available on any official downloads (Vista, Office 2007, etc) from Microsoft. That includes TechNet, MSDN, and Connect (Beta testers) download links. For reference, b71e04564ca22e4d9928e59298eff87cf62b382b is the SHA-1 hash from the TechNet Plus download of Vista x86 (one DVD includes all versions except Enterprise).