Microsoft urges users to update Windows install images to close early Defender security gap

Microsoft is warning users about a security issue affecting fresh Windows installs. A “Microsoft Defender protection gap” was caused by outdated antimalware binaries in installation images.

Why outdated images are risky

If you install Windows using an image that hasn’t been updated recently, Microsoft Defender won’t offer full protection right away. Until it receives the latest definitions and software patches, your device could be exposed. That’s especially risky during those first few hours after setup, before Windows Update kicks in.

Microsoft explains that this gap can also affect devices running third-party antivirus software, since Defender still handles some core security functions. The company says updated Defender binaries not only improve protection but also enhance system performance.

Microsoft recommends quarterly updates

To minimize risk, Microsoft wants IT admins and users to update installation images every three months. This includes versions of Windows 11, Windows 10 (Home, Pro, and Enterprise), and Windows Server (2016, 2019, and 2022).

Updating the image means injecting the latest Defender binaries using PowerShell. Microsoft has published detailed instructions for doing this manually.

If you’re managing virtual machines, setting up new PCs, or reinstalling Windows regularly, it’s worth taking the time to update your image files. That way, Defender protection kicks in immediately—no delay, no gaps.