Microsoft developed a new tool to enable system admins to update the Defender package within Windows installation images (WIM or VHD).
The tool serves enterprises whose administrators use installation images to service workstations and servers. Because these images may be reused multiple times, the Microsoft Defender package ends up installed with an outdated detection database.
Why has Microsoft released this new tool?
Even though the newly installed Windows will update the Defender package at some point, a “protection gap” remains. This gap allows threat actors to attack the vulnerable operating system.
“Initial hours of newly installed Windows OS deployments can suffer with Microsoft Defender protection gap, as the installation OS images may contain outdated Anti-Malware Software binaries,” Microsoft explains. These devices will not be fully protected until the first Anti-Malware software update finishes.
Regular servicing of OS installation images to update Microsoft Defender binaries reduces the so-called protection gap in new deployments, the company adds.
The tool is designed for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. It supports both 32-bit and 64-bit architectures. In short, it allows system admins to update their WIM or VHD installation images so that they contain the latest Defender.
How to obtain and use the tool
To obtain this update, download the update package for the relevant Windows image architecture, selecting the one that matches the installation image you want to update.
To run the package update tool (DefenderUpdateWinImage.ps1), you need a 64-bit Windows 10 or later OS environment with PowerShell 5.1 or later. The tool also needs the Microsoft.PowerShell.Security and DISM modules installed. Also, note that you shouldn't use this package to update live images, as it can damage the Windows operating system that is running inside the virtual machine, Microsoft warns.
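The prerequisites and the live-image warning above can be checked before the tool touches an image; the following is an added example, not code from Microsoft or from this article. The `-WorkingDirectory`, `-Action`, `-ImagePath` and `-Package` parameters are taken from Microsoft's documentation for the tool rather than from this page, and every path and the package file name are placeholders.

```powershell
# Added example: pre-flight checks, then offline servicing of an image.
# All paths are placeholders (assumptions); run from an elevated session.
$Tool    = 'C:\DefenderKit\DefenderUpdateWinImage.ps1'
$Package = 'C:\DefenderKit\defender-package.cab'   # placeholder file name
$Image   = 'D:\Images\install.wim'                 # offline WIM or VHD
$WorkDir = 'C:\DefenderKit\work'
$issues  = @()

# Host requirements stated above: 64-bit Windows 10+, PowerShell 5.1+.
if (-not [Environment]::Is64BitOperatingSystem) { $issues += 'Host OS is not 64-bit.' }
if ([Environment]::OSVersion.Version.Major -lt 10) { $issues += 'Host OS is older than Windows 10.' }
$ps = $PSVersionTable.PSVersion
if ($ps.Major -lt 5 -or ($ps.Major -eq 5 -and $ps.Minor -lt 1)) {
    $issues += "PowerShell $ps is older than 5.1."
}

# Required modules.
foreach ($name in 'Microsoft.PowerShell.Security', 'DISM') {
    if (-not (Get-Module -ListAvailable -Name $name)) { $issues += "Module $name is missing." }
}

# Inputs must exist.
foreach ($path in $Tool, $Package, $Image) {
    if (-not (Test-Path -LiteralPath $path)) { $issues += "Not found: $path" }
}

# Never service a live image: refuse if the WIM is mounted or the VHD is
# attached to this host.
if (Test-Path -LiteralPath $Image) {
    if ($Image -match '\.vhdx?$') {
        if ((Get-DiskImage -ImagePath $Image).Attached) { $issues += 'VHD is attached (in use).' }
    } elseif (Get-WindowsImage -Mounted | Where-Object ImagePath -eq $Image) {
        $issues += 'WIM is currently mounted.'
    }
}

if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw 'Pre-flight checks failed; image left untouched.'
}

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
& $Tool -WorkingDirectory $WorkDir -Action AddUpdate -ImagePath $Image -Package $Package
# Confirm which Defender version the image now carries.
& $Tool -WorkingDirectory $WorkDir -Action ShowUpdate -ImagePath $Image
```

The attachment check only covers this host; a VHD opened by a virtual machine elsewhere has to be ruled out separately.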
More information is available in the official Microsoft advisory.