Microsoft Emergency Patch for Malware Protection Engine
On May 8, 2017, Microsoft released an emergency patch for the Microsoft Malware Protection Engine which exists in Windows Defender. The vulnerability allows a remote attacker to obtain SYSTEM level privileges if a specially crafted file is scanned. Malware Protection Engine version 1.1.10701.0 or later are not affected by this vulnerability. More information can be obtained at https://technet.microsoft.com/en-us/library/security/4022344.