https://www.theregister.co.uk/2017/12/07/microsoft_emergency_update_malware_protection_engine_needs_erm_malware_protection/

Stop appreciating the irony and go install the patch now

Microsoft has posted an out-of-band security update to address a remote code execution flaw in its Malware Protection Engine.

Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically.

The security hole is present in Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016.

....................

Hi all,

My machine running Windows Defender has updated to that version but the machines running Norton haven't, which makes sense to me.

SoulAsylum:

Rainbow_2 I'm not seeing this update being pushed through live updates. Here is the best info I have on it: https://portal.msrc.microsoft.com/en-US/security-guidance

Hi SoulAsylum:

Vista SP2 is not mentioned in that security advisory but when I started Windows Defender yesterday (the old-style anti-spyware scanner for Vista SP2 and Win 7 SP1, not the Windows Defender antivirus for Win 8.x and higher) and clicked Check for Updates it installed the new v1.1.14405.2 scan engine that patches this vulnerability.  I tried running a manual Windows Update first, but for some reason Windows Update reported I was fully patched.

---------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.5.2 * NS Premium v22.11.2.7 * MB Premium v3.3.1

Rainbow_2 I'm not seeing this update being pushed through live updates. Here is the best info I have on it: https://portal.msrc.microsoft.com/en-US/security-guidance

Cheers