PCWorld reports that Microsoft has patched a bug in its malware scanning engine that could be used as a stepping stone for an attacker looking to seize control of a Windows box.
The bug is fixed in an update to the Microsoft Malware Protection Engine that was pushed out to users of Microsoft's security products on Wednesday. It's what's known as an elevation of privilege vulnerability -- something that could be used by an attacker who already has access to the Windows system to gain complete administrative control.Microsoft Fixes a Security Bug in Its Virus-scanner