The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday. The vulnerability can be triggered when the Microsoft Malware Protection Engine scans a specially crafted file. The engine is used by Windows Defender, the malware scanner preinstalled on Windows 7 and later, as well as by other Microsoft products. Microsoft typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle. With real-time protection on, the engine inspects files automatically as soon as they appear.”]