Faulty update causes Microsoft Defender to flag Office as ransomware

After a recent Microsoft Defender for Endpoint update, administrators started to receive multiple ransomware alerts on clean system files in relation to Office updates.

This was a false positive: a heuristic code update was a bit too aggressive and started detecting benign files. Microsoft added this case to its cloud clean set and cleared out the previous false-positive detections in customers' consoles.

Unfortunately, this isn't the first time that this has happened. In November, for example, Defender prevented users from opening clean Office documents because of a false positive marking them as Emotet malware.

Acronis Cyber Protect can automatically create a backup before you perform any updates, providing you with a quick option to roll back systems to a known working state if needed.