Back

Microsoft Shifts Defender EDR Updates to Microsoft Update Service

Severity: Low (Score: 24.9)

Sources: Feeds2.Feedburner, Feeds.4Sysops, Neowin

Published: 2026-06-08 · Updated: 2026-06-08

Keywords: microsoft, updates, patch, tuesday, defender, windows, security

Summary

Microsoft has announced a significant change in how it delivers security updates for Microsoft Defender for Endpoint's EDR capabilities. Starting from June 2026, these updates will no longer be bundled with the monthly Patch Tuesday releases but will instead be delivered through the Microsoft Update service. This change aims to allow for faster deployment of security enhancements without waiting for the standard monthly update cycle. The rollout began for Windows 10 devices in late May 2026 and will expand to Windows 11 and other supported versions by fall 2026. Organizations will need to ensure that Microsoft Update is enabled in their update management strategy to receive these updates. The new delivery mechanism is expected to improve protection against evolving threats. Admins relying on manual update packages will need to adjust their processes accordingly. Key Points: • Microsoft Defender EDR updates are now delivered via Microsoft Update instead of Patch Tuesday. • The change allows for faster deployment of security enhancements and fixes. • Organizations must ensure Microsoft Update is enabled for seamless updates.

Detailed Analysis

**Impact** Enterprise organizations using Windows 10 and Windows 11 with Microsoft Defender for Endpoint are affected by this update delivery change. The shift to Microsoft Update enables faster deployment of EDR improvements and security enhancements independent of the monthly Patch Tuesday cycle, potentially reducing the window of exposure to emerging threats. This change impacts global organizations relying on manual update processes, requiring adjustments to update management workflows. No specific sectors or data types at risk are detailed in the articles. **Technical Details** Microsoft Defender for Endpoint's EDR updates will no longer be bundled with monthly Windows security updates but delivered through Microsoft Update using KB5005292, contingent on prerequisite updates and Sense version 10.8798.25857.1000 or later. A new Defender Update Service creates a directory at %ProgramData%\Microsoft\Microsoft Defender\Defender Update for update management. No attack vectors, TTPs, malware, CVEs, or IOCs are mentioned in the articles. **Recommended Response** Organizations should verify that Microsoft Update is enabled and integrated into their update management strategy to ensure uninterrupted EDR update delivery. Admins relying on manual patch deployment must include the new Defender update package and update internal documentation accordingly. Monitoring for update failures and readiness to roll back to the inbox EDR version stored in %ProgramFiles%\Windows Defender Advanced Threat Protection (ATP) is advised. No specific detections or configurations beyond update management changes are provided.

Source articles (3)

  • Microsoft making much needed change to Windows 11, 10 Patch Tuesday security updates — Neowin · 2026-06-08
    Recently, Microsoft delivered its latest Defender patches for Windows 11 ISOs. These definitions are released from time to time alongside the general security updates available during Patch Tuesday. S…
  • Microsoft Defender EDR updates move from Patch Tuesday to Microsoft Update — Feeds.4Sysops · 2026-06-08
    Microsoft is decoupling Microsoft Defender for Endpoint Detection and Response (EDR) updates from the traditional monthly Patch Tuesday cycle. These updates will now be delivered through the Microsoft…
  • Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows — Feeds2.Feedburner · 2026-06-08
    Microsoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates. The r…

Timeline

  • 2026-05-01 — Rollout of EDR updates for Windows 10 begins: Microsoft started delivering EDR updates through Microsoft Update for Windows 10 devices.
  • 2026-06-08 — Microsoft announces EDR update delivery change: Microsoft confirmed the transition of EDR updates to Microsoft Update, enhancing update speed and flexibility.

Related entities

  • Microsoft Defender For Endpoint (Platform)
  • Microsoft Update (Platform)
  • Windows (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed