Apple may now be the richest company, but it's Microsoft's operating system that still loads on most of our desktops and laptops around the world. So when a major security bug is discovered, it's important that it gets fixed quickly. And Google researchers recently discovered a really serious one in Windows Defender, of all places.
The bug was discovered by Google Project Zero vulnerability researchers Tavis Ormandy and Natalie Silvanovich. As Ormandy notes in a tweet, this is the "worst Windows remote code exec" bug discovered as far as he can remember.
The vulnerability allows remote code execution if the Microsoft Malware Protection Engine "scans a specially crafted file." If successful, the attacker is then able to run whatever code they like on the breached system and use it to start infecting other Windows machines.
So you won't be surprised to hear that Microsoft marked the bug as Critical and already has a fix available to close the security hole. It should be applied to your system automatically over the next few days, or you can manually trigger a Windows Update to install the patch now.