gdi32.dll isnt the file which has the flaw so why thats the one being patched i dunno.
edit : according to cert now, it could be too. :
http://www.kb.cert.org/vuls/id/181038
personally i wouldnt touch that patch - no telling of what it will or wont do. would much prefer to see the source for it, see a diff for what modifications were done, and compile it myself before i use it
maybe im just paranoid but there you go
ive done the regsvr workaround for now, and will use any ms patch when they eventually get off their arses and make one
as for the DEP , its worked in some cases, it hasnt in others from what ive seen on sites like fsecures blog, sans, etc.