Microsoft appears to have fixed a security flaw in Windows Defender that was exploiting the internet.
Vulnerability implementations remote code to Microsoft Defender (CVE-2021-1647) turned the Windows security application into an intruder, triggering the execution of the malware while scanning malware, instead of isolating and deleting it.
This means that if a archive sent by email or via a USB drive, the automatic scan is downloaded to your computer, instead of isolating the malware it will immediately activate it.
Exploit has been fixed in Patch Tuesday of the 12th and was one of 80 defects encountered by Microsoft developers.
To check if you are currently protected, simply check the scan engine version number in Windows Security. Open the application and check in Settings - About.
From the release 1.1.17700.4 and above the application is safes.
At least until the next 0day.