There’s a new bug on the block for Microsoft users, reports indicate. The company has released an important security advisory to close up a vulnerability in its Malware Protection Engine that could give an attacker user rights to a system.

The software giant said the update fixes a bug in the Malware Protection Engine that an attacker could exploit to gain LocalSystem privileges and access to a machine. The vulnerability in the Microsoft Malware Protection Engine, which is the core of the anti-malware system in several pieces of Microsoft software, affects Microsoft Windows Live OneCare, Microsoft Security Essentials, Windows Defender, Forefront Client Security, Forefront Endpoint Protection 2010 and the Malicious Software Removal Tool. That last one is super sneaky!

“The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users,” Microsoft wrote in the security bulletin.