There is (or was) a vulnerability in Windows Defender, but you don’t have to worry about it. That’s the short version.
The longer version, for those who are interested, is that Microsoft detected a fault in its homegrown antivirus software and admitted as much in an official security note, per Forbes. Microsoft’s security note included an executive summary that explained the problem in something resembling layman’s terms:
“Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network,” the summary read.
Mashable Light Speed
In other words, it was theoretically possible for someone to use this exploit to send private files over a network to people who aren’t meant to see them. There are apparently no known instances of anyone actually using this exploit, but it did exist. Emphasis on did.
That’s because Microsoft has closed the loop on the exploit, confirming that users don’t need to take any action to fix it themselves. Just don’t do anything, according to Microsoft. That’s easy enough.
