Anyone who freshly sets up Windows is often unprotected for a short time. A new update for the installation images of Windows 10 and 11 now eliminates the security risk directly from the factory. We explain what users and administrators need to know now.
New protection for installation media
Microsoft has released a major update for Microsoft Defender. It is specifically aimed at installation images for Windows 10 and Windows 11. The company thus ensures that users are protected from current threats during and immediately after installing the operating system.
Because installation media such as ISO files are often months old, they contain outdated malware definitions by default. This poses a potential security risk when the system is first started.
In a support document, Microsoft explains the importance of this update:
In the first few hours of a newly installed Windows installation, the system may be vulnerable due to a Microsoft Defender protection flaw. This is because the operating system installation images may contain outdated anti-malware software binaries.
Protection via WIM and VHD images
The update aims to close the protection gap. Normally, after installation, Microsoft Defender must first connect to the update servers to download current signatures.
Meanwhile, the system could theoretically be compromised by malware that is newer than the installation media. By integrating newer definitions directly into the WIM and VHD images, the time window is eliminated. In addition, in certain scenarios, the update can have a positive impact on the performance of the virus scanner immediately after setup.
As (via Microsoft) now writes, the changes affect various versions of the operating system. The update package updates the anti-malware client, the engine and the signature versions within the installation files. The engine version is increased to 1.1.26010.1, while the platform version now has the identifier 4.18.26010.5. Such updates for installation images typically occur less frequently than the daily signature updates for running systems.
The following operating system versions benefit from updating the installation images:
- Windows 11
- Windows 10 Enterprise (LTSC 2021, LTSC 2019, LTSB 2016)
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
Background to the technology
Administrators often maintain their own images and can manually integrate the updates into their deployment processes. Microsoft points out that support for SHA-2 signing is mandatory for updates to work correctly since October 2019. This is relevant for older environments that still require maintenance. For the end user, this step means, above all, more comfort and safety. Anyone who uses the latest media creation tool or downloads fresh ISO files will automatically receive improved protection.
Do you always use the latest ISO files for new installations or do you rely on the subsequent Windows Update? We’re excited to hear your approach in the comments.
Download Media Creation Tool – Windows 11 ISO laden
- Microsoft updates Defender in Windows installation images
- Outdated malware definitions in ISO files are a security risk
- Newer definitions are integrated directly into WIM and VHD images
- Windows 10, Windows 11 and several server versions are affected
- SHA-2 signing has been mandatory since October 2019
- Offline updates in images save bandwidth during new installations
- End users receive improved protection via current ISO files
See also: