There is a bug in Windows Defender that allows an attacker to take ownership of a Windows system by simply reading an email or visit a website without any further action.
Microsoft Security Advisory 4022344
1252 - MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. - project-zero - Monorail
The german IT related newspaper c't called it dramatically with an emergency alert
Dramatische Sicherheitslücke in Virenschutz-Software von Windows geschlossen
Microsoft Security Advisory 4022344
1252 - MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. - project-zero - Monorail
The german IT related newspaper c't called it dramatically with an emergency alert
Dramatische Sicherheitslücke in Virenschutz-Software von Windows geschlossen