HomeWinBuzzer NewsMicrosoft Defender Updates Windows 11 and Windows 10 Install Image Security Definitions

Microsoft Defender Updates Windows 11 and Windows 10 Install Image Security Definitions

Microsoft Defender is getting new security definitions to account for outdated Windows 11 and Windows 10 OS installation images.


has released a special update for its Defender that allows users to scan and protect their and installation images. Specifically, adds a new update package for the installation of Windows images on Virtual Hard Disk (VHD) and Windows Imaging Format (WIM).

According to the company, the new definitions cover Windows 11, Windows 10, and Windows Server 2016 and 2019. Microsoft explains the update package is needed as Windows OS installation images may have outdated definitions to protect against malware. Microsoft points out that the updates will make Windows installation images more secure while also increasing performance.

An offline Windows image is a file that contains the operating system files and settings that are used to install or repair Windows. Users can create offline Windows images using tools like DISM (Deployment Image Servicing and Management) or Windows PE (Windows Preinstallation ). Offline Windows images can be useful for deploying Windows to multiple devices, recovering from system errors, or customizing Windows features.

However, offline Windows images can also be vulnerable to malware infections, especially if they are stored on removable media or network shares. Malware can modify the offline Windows image files and compromise the security of the installed or repaired Windows system. Therefore, it is important to scan and protect offline Windows images before using them.

New Updated Definitions for Windows 11/10 OS Images

Microsoft is rolling out the new definitions for Windows OS installation images through security intelligence update version 1.389.44.0. There is also a Defender update that is rolling out in version 20230503.1.

There is an accompanying support document where Microsoft explains the update:

“The first hours of a newly installed Windows deployment can leave the system vulnerable because of a Microsoft Defender protection gap. This is because the OS installation images may contain outdated antimalware software binaries.

[..] Devices using either the Windows built-in antivirus or another security solution can benefit from these updates.

[..] This article describes antimalware update package for Microsoft Defender in the OS installation images (WIM and VHD files). This feature supports the following OS installation images:

  • Windows 11
  • Windows 10 (Enterprise, Pro, and Home editions)
  • Windows Server 2019
  • Windows Server 2016

Version information

  • Defender package version: 20230503.1

This package updates the anti-malware client, anti-malware engine, and signature versions in the OS installation images to following versions:

  • Platform version: 4.18.2304.8
  • Engine version: 1.1.20300.3
  • Security intelligence version: 1.389.44.0

Tip of the day: To prevent attackers from capturing your password, Secure Sign-in asks the user to perform a physical action that activates the sign-in screen. In some cases, this is a dedicated “Windows Security” button, but the most common case in Windows is the Ctrl+Alt Del hotkey. In our tutorial, we show you how to activate this feature.

Last Updated on May 25, 2023 10:53 am CEST

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News