MPE has a fatal vulnerability and Microsoft issues an update to fix it rolling out right now.

Microsoft says that this vulnerability can be TRIGGERED BY ANY MPE FILE SCAN since, by default, the scan happens automatically when a new file is downloaded.

In a nutshell, the system can be exploited by a MEMORY CORRUPTION ERROR in MPE during a scan, ALLOWING CODE EXECUTION with LocalSystem account privileges, the predefined local account used by the service manager.

This big flaw was codenamed by Microsoft CVE-2017-11937 but luckly it looks like it wasn't known yet outside of Microsoft offices.