The bug, as described in this Microsoft support forum post, displayed the error "MsMpEng.exe application error. The instruction at "0x5a4d684d" referenced memory at "0x00000000" The memory could not be read" and proceeded very slowly or not at all.
[UPDATE: The image below, sent in by a reader, is another manifestation of the bug:]
The buggy update was shipped on April 15 and corrected later with a signature update which, Microsoft says, fixed the problem automatically. Users who have applied workarounds like disabling security features can re-enable the features after applying the signature update.
The company says:
While the issue primarily impacted customers running Microsoft security products on Windows XP and Windows Server 2003, it may have also impacted other supported operating system versions. Microsoft continues to supply antimalware engine and signature updates for Windows XP systems which is supported through July 14, 2015.
Rampant speculation that the bug is another effort to get users off of Windows XP seems to be misplaced if, as Microsoft says, it also affected paying customers of supported products.