Microsoft fixed a vulnerability in the Microsoft Malware Protection Engine discovered by two Google security experts over the weekend. The bug is a “type confusion”” vulnerability in NScript
Source: the risk of exploitation should be lower if the user has turned on Control Flow Guard