Microsoft launched Malware Protection Engine 1.1.6603.0, an updated version of its Microsoft Malware Protection Engine (MPE) application, on February 23, 2011. The updated MPE fixes a major security loophole (Elevation of privileges) that let attackers, who already gained access to a user's computer, to enhance their user permissions so as to obtain administrative rights on the computer. Once exploited the loophole, an attacker could shoot arbitrary code or commands from the system and capture it completely. Thereafter, an attacker could install programs or applications, edit, view, modify, or remove data from the computer with full administrative rights.

If not fixed, an attacker could exploit a locked-down Windows PC by entering in it and launching an attack script, which converts a registry key into a special value or code. When the MPE runs its subsequent scan, it runs the specially-crafted key that equals the attacker's privilege rights to the genuine user rights due to the fact that the preset LocalSystem rely on the computer. Generally, LocalSystem has major privileges and is used by the service control manager. For creating all this mess, the attacker needs to be on the computer with authentic login credentials because unknown users can not use this loophole.

All the applications or services in Windows XP and 2003 can be masqueraded despite the attributed privilege rights. The impersonation practice could be continued by an attacker irrespective of the inclusion of various latest security features designed to protect threads from such activity. The IT managers are advised to run processes/applications as regular users with must-have privileges on considering the likely occurrence of such practice of exploiting this security loophole. Therefore, they are not required to run SQL Server processes/applications as Local Service or Network Service. Further, computers running on Microsoft Internet Information Services are recommended not to run ASP.NET-based web applications in full-trust mode.

MPE is featured in a number of Microsoft security applications including Microsoft Security Essentials (MSE), Forefront Client Security, Windows Live OneCare, and Forefront Endpoint Protection 2010 among others. Given that these applications update themselves regularly, the administrators and users will receive the new update automatically in 48 week time or by the end of the weekend, as per the company.

Though, Microsoft has not come upon any malpractices preying on the security loophole, the chances of threat occurrence were good enough for the company to update its application. The Elevation of privileges threat was founded by the Cesar Cerrudo, the CEO of Argeniss, a security research firm. Cesar Cerrudo publicly issued his 'Token Kidnapping' research during the Black Hat security conference in July 2010.