While many of us were enjoying sport or time with friends and family over the weekend, two Google Project Zero researchers made a significant discovery in Microsoft's Windows Defender system. Tweeting out the find, Tavis Ormandy and Natalie Silvanovich, described it as, "the worst Windows remote code exec in recent memory." 

I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥

— Tavis Ormandy (@taviso) May 6, 2017

The vulnerability deals with the anti-malware engine residing within Windows Defender, which is designed to scan files on a user's computer. The issue arises from the anti-malware engine being able to be tricked into executing code that could potentially target a machine and even replicate itself, spreading to other machines on the same network. 

To Microsoft's credit, they acted promptly to when the issue was raised, with the company's Security Response team rolling out a fix to users that Windows Defender would update automatically. To ensure your Microsoft device is protected against this latest discovery, check that the engine version is 1.1.13704.0 or better. 

Just released malware protection engine update to
address RCE vuln – Defender will autoupdate. https://t.co/rzn5QWo6sV

— Security Response (@msftsecresponse) May 9, 2017