Over the weekend, Google’s Project Zero researchers Tavis Ormandy and Natalie Silvanovich tweeted about discovering what Tavis referred to as “the worst Windows remote code exec in recent memory. This is crazy bad.” This bug could work against a default installation and become a worm that can replicate itself and spread to other computers automatically.
Two days after getting the news of the exploit Microsoft’s Security Response Center and Windows Defender developers deployed a fix that is now available via Windows Update. The versions of Windows affected by this bug are Windows 7, 8.1, RT, and Windows 10. It also affects other anti-malware software typically used by IT departments like Microsoft Forefront Security for SharePoint Service Pack 3, Windows Intune Endpoint Protection, and others. You can see a full list of which security programs that are affected here.
According to the advisory, you should get the update automatically in the background within the next 48 hours, but if you want to stay on top of things head to Settings > Update & security and check for update.
To make sure you have the latest update, head to Settings > Windows Defender and scroll down to the Version info section and make sure your Engine version is 1.1.13704.0 or higher.