Just when I thought Microsoft after all these years without a internal Virus defense protection mechanism was beginning to get their act together this happens.
Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems.
According to Windows system admins reports [1, 2, 3, 4], this started happening several hours ago and, in some cases, it led to a “downpour of ransomware alerts.”
Following the surge of reports, Microsoft confirmed the Office updates were mistakenly marked as ransomware activity due to false positives.
Source: BleepingComputers