Microsoft Updates Defender Signatures Across Windows Installation Packages

Microsoft continues strengthening its security ecosystem with a new Windows Defender update that refreshes malware protection included in Windows installation images.

The company frequently releases security intelligence updates to help Defender detect newly discovered malware threats. These updates ensure systems remain protected against emerging attacks.

However, installation images such as WIM, VHD, and ISO files often contain older Defender definitions, which can briefly expose newly installed systems to threats until updates are downloaded.

Updated Defender definitions added to Windows installation images

To reduce this security gap, Microsoft periodically refreshes the Defender components included in Windows installation media.

According to Neowin, the latest update adds security intelligence version 1.445.6.0 to official Windows images. The Defender package version included in the refresh is also 1.445.6.0.

This update applies to several Windows versions currently used by enterprises and organizations, including Windows 11, Windows 10 ESU, Windows 10 Enterprise LTSC 2021, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSB 2016, Windows Server 2022, Windows Server 2019, and Windows Server 2016.

The package includes updated Defender components designed to improve detection and threat analysis.

Updated component versions include platform version 4.18.26010.5, engine version 1.1.26010.1, and security intelligence version 1.445.6.0.

These definitions expand Defender’s ability to detect multiple types of malware, including trojans, backdoor exploits, AutoKMS activators, and other malicious software.

Closing the security gap after Windows installation

Without updated Defender definitions inside installation images, newly deployed systems may briefly run with outdated protection until Windows Update downloads the latest signatures.

By refreshing the Defender components inside Windows images, Microsoft ensures that new installations start with more recent protection.

This approach helps reduce the window of vulnerability for organizations deploying Windows across large fleets of devices.

Microsoft continues tightening security across its ecosystem

The update arrives during a broader series of security changes across Microsoft services.

The company recently confirmed that Microsoft Authenticator will eventually block access from rooted Android devices and jailbroken iPhones due to the security risks associated with modified operating systems.

Microsoft Defender for mobile will also drop support for devices running iOS 16 and earlier starting April 30, 2026.

At the same time, security researchers recently reported attacks that abused legitimate digital certificates to install malware on work computers, highlighting the importance of keeping protection tools and definitions up to date.