Good news: It looks like the answer is "yes, patch 5 includes the mass mailing exception hotfix" based on an internal document reviewed by a McAfee VSE support tech I just reached.
Apprently the Reference: numbers mentioned in release notes aren't one-to-one mappings to hotfix numbers. The mapping gets fuzzy if a reference fixes a superset of hotfix goodies.
The mass mailing hotfix issue is mentioned in the release notes under item 12, but I still have a beef with this description because the mass mailing exception issue also affected our Windows XPsp3 boxes (unless I have had a colossal lapse of memory--in the area of the company where these mass mailing exception breakages reared their head, there's only XPsp3). I've bolded the happy news.
12. Issue: Windows Vista made a change to an internal Process Environment Block (PEB) data structure that records the name of a processes' primary executable with the result of making the available length of the process name one character shorter. Access Protection rules with process names over 16 characters are not being properly handled in Windows 7 or later. (Reference: 626033)
Resolution: Access Protection rules now handle process names greater than 16 characters in length.
The support tech also gave me a test procedure where I could install patch 5 locally on one box and copy telnet.exe to something greater than 16 characters, set an exception for it and try to telnet out to port 25 on an smtp server with and without the exception in place.