https://www.bleepingcomputer.com/news/security/microsoft-defender-tags-office-updates-as-ransomware-activity/ > Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. > According to Windows system admins reports [1, 2, 3, 4], this started happening several hours ago and, in some cases, it led to a "downpour of ransomware alerts."