Microsoft has just released a breaking advisory stating that all versions of its antimalware software are subject to a Denial of Service attack.
The vulnerability is in the Malware Protection Engine itself, which means that the software must be updated. An update to fix the vulnerability is already available and will be delivered automatically through the built-in mechanism. However, it's important to be aware of this threat and ensure that all managed systems get the update as soon as possible.
The Malware Protection Engine vulnerability affects ALL versions, including Endpoint Protection, Security Essentials, Windows Defender, and others running on all supported versions of Windows (client and server). Even Windows XP will see an update. Though Windows XP (the OS) will no longer receive support and updates, Microsoft has promised to continue keeping the antimalware package up to date in an attempt to minimize known threats.
The full advisory is here: Microsoft Security Advisory 2974294