Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus. The vulnerability is a remote code execution vulnerability found in the Malware Protection Engine component. A proof-of-concept exploit for the vulnerability is available, but exploitation might not be possible on most systems or the PoC might fail in some situations. Microsoft has not yet released an official patch for a vulnerability in a Microsoft PSExec utility that received a free micropatch through the 0patch platform last week. Customers don’t need to take any action to install the CVE-2021-1647 security update.
Source: https://www.bleepingcomputer.com/news/security/microsoft-patches-defender-antivirus-zero-day-exploited-in-the-wild/