Microsoft has quietly fixed a serious bug in its Windows Defender antivirus software that allowed hackers to hijack infected PCs.

The vulnerability was found in the software's malware protection engine, which is designed to regularly scan files for computer viruses. UK authorities discovered that it could be exploited when the engine scans a "specially crafted file," according to Microsoft's security advisory.

The rigged file will trigger the protection engine to execute code on the Windows system, which could let a hacker install programs, edit files, or create new accounts with full user rights.

Getting the rigged file onto a PC could happen in a number of ways. Imagine a convincing phishing email or instant message loaded with the attachment. Victims wouldn't even have to open the file; they would simply need to download it and let Windows Defender scan it.

The threat is especially serious for PCs with Windows Defender real-time protection enabled, since it scans downloaded files automatically.

Fortunately, Microsoft issued a fix that is automatically rolling out to its Windows Defender and Security Essentials software. Users don't need to install any update.

The UK's National Cyber Security Centre, which defends the country from cyber attacks, discovered the flaw, suggesting that it may have been used in a real hack.

It isn't the first time a serious bug has been found in Windows Defender. In May, Google security researchers discovered a remote code execution flaw with the software that was described as "crazy bad." That bug also worked when the malware protection engine scanned a rigged file. Microsoft quickly issued a fix.

PC Magazine