This vulnerability is known as CVE-2017-0290.
The good news: Microsoft already released a fix for this issue!
Here is a quick way to check if a system is vulnerable:
# Returns a Bool (yep, just True or False) for the CVE-2017-0290 vulnerability
# Cast to [version] so the comparison is numeric per component, not a text comparison
[version](Get-MpComputerStatus).AMEngineVersion -ge [version]'1.1.13704.0'
# If you see False, you should update your Defender definition file As Soon As Possible (ASAP)
And here is a small Gist that downloads the latest (non-vulnerable) definition for you if the system is vulnerable:
#requires -Version 2.0 -Modules Defender
<#
    .SYNOPSIS
    Check if the system is affected by CVE-2017-0290
    .DESCRIPTION
    Check if the system is affected by CVE-2017-0290 and update the Defender definition if needed
    .PARAMETER WSUS
    Use a WSUS Server instead of the Microsoft Update Server as definition source.
    .EXAMPLE
    PS C:\> .\check-CVE20170290.ps1
    .NOTES
    Use the Defender PowerShell Module
#>
param
(
    [Parameter(ValueFromPipeline = $true,
    Position = 1)]
    [switch]
    $WSUS
)
process
{
    # Parenthesize the comparison: -not binds tighter than -ge.
    # Cast to [version] so the comparison is numeric, not a text comparison.
    if (-not ([version](Get-MpComputerStatus).AMEngineVersion -ge [version]'1.1.13704.0'))
    {
        Write-Warning -Message 'This system could be affected by CVE-2017-0290'
        Write-Output -InputObject 'Defender update enforced.'
        if ($WSUS)
        {
            # Get the latest virus and spyware definitions from a WSUS
            Update-MpSignature -Verbose -UpdateSource InternalDefinitionUpdateServer
        }
        else
        {
            # Get the latest virus and spyware definitions from Microsoft
            Update-MpSignature -Verbose -UpdateSource MicrosoftUpdateServer
        }
    }
    else
    {
        Write-Output -InputObject 'This system is not affected by CVE-2017-0290'
    }
}
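An added example (not part of the original post or Gist): AMEngineVersion is a string, and it has to be compared as a [version] object, because as plain text a lower build such as the constructed 1.1.9506.0 sorts above 1.1.13704.0. The function name Test-MpEnginePatched and the sample version strings are assumptions made for illustration.

```powershell
# Added example: function name and sample values are constructed for illustration.
function Test-MpEnginePatched {
    [CmdletBinding()]
    param (
        # Engine version string(s); when omitted, the local Defender engine is queried.
        [Parameter(ValueFromPipeline = $true)]
        [string[]]
        $EngineVersion,

        # First fixed engine version, as given on this page.
        [version]
        $FixedVersion = '1.1.13704.0'
    )
    process {
        if (-not $PSBoundParameters.ContainsKey('EngineVersion')) {
            $EngineVersion = (Get-MpComputerStatus).AMEngineVersion
        }
        foreach ($raw in $EngineVersion) {
            $parsed = $null
            if (-not [version]::TryParse($raw, [ref]$parsed)) {
                # Unparseable input is reported and skipped, never treated as patched.
                Write-Warning -Message "Cannot parse engine version '$raw'"
                continue
            }
            [pscustomobject]@{
                EngineVersion = $raw
                # Text comparison, character by character (misleading for builds
                # with fewer digits than the fixed build)
                TextCompare   = $raw -ge $FixedVersion.ToString()
                # Numeric comparison, component by component (the reliable answer)
                Patched       = $parsed -ge $FixedVersion
            }
        }
    }
}

# Constructed sample versions, including one malformed value
'1.1.9506.0', '1.1.13701.0', '1.1.13704.0', '1.1.14003.0', 'n/a' |
    Test-MpEnginePatched |
    Format-Table -AutoSize
```

Rows where TextCompare and Patched disagree are the cases a plain string comparison would misreport as patched.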
Hope this helps!