Microsoft's Malware Protection Engine has been patched as Argeniss security expert identifies an 'elevation of privilege' vulnerability in which an attacker who already had administrative access to a Windows operated system. Websites that allow users to upload web pages are more at risk of this threat.
Microsoft was worried enough by this flaw to actually develop and release a patch as part of its Windows Update. Microsoft did say it hasn't seen anyone take advantage of the bug yet, the flaw was reported to the company by security researcher Cesar Cerrudo, but Microsoft thinks that hackers could develop code that reliably exploits the issue.
Source: ID Theft Protect