It's not uncommon for security researchers and hackers to discover new ways of being able to attack computers that are connected to the internet (ie, yours and mine). Normally the attack takes the form of an infected file or email that hackers need to trick their victim into opening.
A new vulnerability discovered a couple of days ago, however, raises the bar. If someone sends you the infected file, you don't need to open it. You don't even need to know it's there. Because the weakness is in Windows Defender, the antivirus software that comes free with Windows. And as soon as Windows Defender scans the file (which it does quietly in the background, all the time), your computer is now compromised.
The fix is easy. Right-click on the Windows Defender shield icon in your status bar and open the program. Click on the Settings button towards the top right hand corner of the Defender screen, and scroll down to where the version information is shown. If your engine version is less than 13704, go back to the main Defender screen and click on Update Definitions. This will also update your engine.
If you use Windows Defender as your antivirus and security software, it's highly recommended that you do this as soon as you can.