The Microsoft Malware Protection Engine that is integrated into several Microsoft anti-malware products, including Microsoft Security Essentials, was updated on to address a vulnerability that could enable a denial-of-service(DoS).
A vulnerability allows attackers to disable Microsoft’s antimalware products by sending specifically crafted files to users via websites, email, or instant messaging applications.
The vulnerability is located in the Microsoft Malware Protection Engine, which sits at the core of many Microsoft security products for desktops and servers including Microsoft Forefront Client Security, Microsoft System Center 2012 Endpoint Protection, the Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, Windows Intune Endpoint Protection and Windows Defender, which comes pre-installed in Windows Vista and later.
Redmond has said that vulnerability to be “important,” meaning it could be exploited to compromise user data or processing resources, but not without user action.
If the attacker is successful the vulnerability will result in Microsoft Malware Protection Engine not properly monitoring affected systems.
It is not that easy to do and there is no evidence that the hole has been exploited yet.