Microsoft was forced to patch its malware detector this week after it discovered a bug that allowed attackers to disable the protection with an email attachment.
Hackers could have created files designed to disrupt the malware scanner and sent them through email, rendering the security useless until the file was removed from the system.
"An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted," said Microsoft.
Had the bug been exploited it could have led to operating systems or programmes locking up, requiring a manual restart to restore service. Though the flaw was regarded by Microsoft as important, there have been no reported instances of it taking place.
The bug, which affected programmes such as the company's Security Essentials and Windows Defender, has been automatically patched.
"Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly," it added.