Microsoft had warned customers that its malware detection engine, used in a wide range of its products, could be disabled if an attacker sent a malformed file as an email attachment



From Computerworld:

A successful attack would leave a Microsoft-guarded PC wide open to subsequent exploits, the company warned.

"An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted," Microsoft said in an advisory yesterday.

That engine is the foundation of the company's enterprise- and consumer-grade security products, including Windows Intune Endpoint Protection, System Center 2012 Endpoint Protection, Microsoft Security Essentials, Windows Defender and the Microsoft Malicious Software Removal Tool.

  Microsoft fixes flaw in its own security software