Microsoft Updates Defender Definitions for Windows Installation Images

Severity: Low (Score: 27.9)

Sources: Neowin, Feeds.4Sysops, www.microsoft.com

Published: 2026-06-06 · Updated: 2026-06-06

Keywords: microsoft, windows, defender, update, updates, definitions, server

Summary

Microsoft has released a new update package for Windows Defender, aimed at refreshing security definitions and the anti-malware engine within Windows installation images. This update targets WIM, VHD files, and ISOs used for deploying Windows 10 and Windows 11 operating systems. The update addresses the protection gap that exists between the initial OS setup and the first online update, which can expose users to potential security risks. The latest security intelligence update version 1.451.297.0 was released, enhancing malware detection capabilities against threats such as trojans, ransomware, and backdoor exploits. Affected systems include Windows 11, Windows 10 ESU, and various Windows Server versions. This update is crucial for ensuring that new installations are equipped with the latest anti-malware definitions, thereby improving overall security and performance.

Key Points:

  • Microsoft released a new Defender update for Windows installation images.
  • The update addresses potential security risks from outdated anti-malware definitions.
  • Affected systems include Windows 10 and 11, and various Windows Server versions.

Detailed Analysis

**Impact** Windows and Server installation images across multiple versions—including Windows 11, Windows 10 (ESU, Enterprise LTSC 2021, LTSC 2019, LTSB 2016), and Windows Server editions (2022, 2019, 2016)—are affected by outdated Defender definitions. This affects organizations deploying these OS images globally, potentially exposing new installations to malware during initial setup before the first update. The protection gap could allow trojans, backdoors, ransomware, and stealers to compromise systems at deployment, impacting operational security and data integrity.

**Technical Details** The update addresses a vulnerability window where Windows installation images (WIM, VHD, ISO) contain outdated Microsoft Defender anti-malware clients, engines, and signature versions. The security intelligence update version 1.445.323.0 refreshes these components, closing the gap between OS setup and first Defender update. Previous intelligence updates (e.g., 1.447.236.0) added detections for malware families including trojans, backdoors, ransomware, stealers, and AutoKMS. No CVEs or specific IOCs were provided in the sources.

**Recommended Response** Deploy the latest Defender security intelligence update (version 1.445.323.0 or later) to all Windows installation images used for deployment to ensure updated anti-malware definitions and engines are integrated. Verify that deployment media (WIM, VHD, ISO) are refreshed regularly with current Defender updates to minimize exposure during OS installation. Monitor for malware indicators related to trojans, ransomware, and backdoors post-deployment, as detailed IOCs were not provided.

Source articles (3)

  • Microsoft released new Defender update for Windows 11, 10, Server ISO installations — Neowin · 2026-06-06
    Microsoft releases new Windows Defender update packages very frequently to protect against various newly discovered malware. Once a while every three months or so, the company also pushes out these up…
  • version 1.447.236.0 — www.microsoft.com · 2026-06-06
    This page lists newly added and updated threat detections included in security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware. If you don’t find the latest secur…
  • Microsoft updates Defender definitions for Windows and Server installation images — Feeds.4Sysops · 2026-06-06
    Microsoft has released a new update package designed to refresh the security definitions and engine within Windows installation images. These updates target WIM and VHD files as well as ISOs used for…

Timeline

  • 2026-06-06 — Microsoft releases new Defender update: The update refreshes security definitions and the anti-malware engine in Windows installation images, reducing the protection gap during initial OS setup.
  • 2026-06-06 — Latest security intelligence update released: Security intelligence update version 1.451.297.0 enhances malware detection capabilities for various threats.

Related entities

  • Malware (Attack Type)
  • Ransomware (Attack Type)
  • Trojan (Attack Type)
  • Windows (Platform)
  • Windows Server (Platform)