Microsoft has issued an update to its core malware protection engine that fixes a bug that could allow an attacker to gain LocalSystem privileges on a vulnerable machine if a specific set of odd conditions exist. The vulnerability in the Microsoft Malware Protection Engine is a privilege-escalation bug, so an attacker would already need to be authenticated on the local system in order to exploit it. An attacker who successfully exploited the vulnerability could gain the same user rights as the local account. Microsoft said it is not issuing a separate bulletin for the bug.
Source: https://threatpost.com/microsoft-issues-fix-bug-malware-protection-engine-022411/74962/

