Microsoft released an emergency update for the malware protection engine that most users should get automatically. What makes this so funny is the fact that what's supposed to protect your system has to be fixed to protect itself.

If you don't have auto updates turned on, it would be a good idea to go download the patch and install it manually. According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats reports register. In many systems this is set to happen automatically for all new files. By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.

Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically.

Microsoft notes that, because Malware Protection Engine is set up to constantly receive updates, the fix will automatically be delivered over the air for most home users and many enterprise customers.

Microsoft Issues Emergency Update to their Malware Protection Engine