Microsoft quickly fixed a startling vulnerability in its anti-malware engine. The flaw was within Microsoft’s Malware Protection Engine, a complex component that watches all activity in a computer’s file system for signs of malicious activity. Researchers found that a function within NScript failed to validate a message string, allowing an attacker to pass on other arbitrary objects. No user interaction is required if real-time protection is enabled if the engine automatically scans files. The victim doesn’t even have to open the email or an attachment, they write.”]
Source: https://www.cuinfosecurity.com/devastating-flaw-found-in-microsofts-av-engine-a-9909