If you can trust the header data in this MS Support note (I do), it was updated on June 5, 2023. The item is entitled “Windows Defender update for Windows Operating system installation.” It describes how to imbue offline Windows images with the latest and greatest Defender capabilities. In fact, that article includes a warning not to apply them to live images. Thus, it’s clear that this MS Defender update targets deployment images.
I got my date information about the article from its HTML meta-data:
<meta name="lastPublishedDate" content="2023-06-05"> <meta name="firstPublishedDate" content="2020-12-04">
How MS Defender Update Targets Deployment Images
Pre-requisites to run the updates — for WIM and VHD files — include:
- Target is an OS install image for 64-bit Windows 10 and 11, or Windows Server 2016 and 2019
- OS environment must include PowerShell version 5.1 or newer (current production version is 7.3.4 as I write this)
- Microsoft.PowerShell.Security and DISM modules installed
- The PowerShell session for the script <code>DefenderUpdateWinImage.ps1</code> runs with admin privileges. (“Run as administrator” or equivalent.)
The script provides switches to apply, remove or roll back, and list details for the installed update. Useful for those who maintain Windows images and want their security levels up to current snuff.
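One way to verify the prerequisites listed above before running the script is a small preflight function. This is an added example, not code from the MS Support article or from DefenderUpdateWinImage.ps1; the function name `Test-DefenderImagePrereqs` and the sample image path are hypothetical.

```powershell
# Added example: preflight check for the prerequisites listed above.
# Test-DefenderImagePrereqs is a hypothetical helper, not part of the MS script.
function Test-DefenderImagePrereqs {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ImagePath
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # PowerShell 5.1 or newer (compare fields so this works on 5.x and 7.x)
    $v = $PSVersionTable.PSVersion
    if ($v.Major -lt 5 -or ($v.Major -eq 5 -and $v.Minor -lt 1)) {
        $findings.Add("PowerShell $v is older than 5.1")
    }

    # Both required modules must be discoverable on this host
    foreach ($name in 'Microsoft.PowerShell.Security', 'Dism') {
        if (-not (Get-Module -ListAvailable -Name $name)) {
            $findings.Add("Module $name is not installed")
        }
    }

    # The session must be elevated ("Run as administrator")
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $findings.Add('Session is not elevated')
    }

    # The target must be an existing offline image file (WIM or VHD)
    if (-not (Test-Path -LiteralPath $ImagePath -PathType Leaf)) {
        $findings.Add("Image not found: $ImagePath")
    } elseif ([IO.Path]::GetExtension($ImagePath) -notin '.wim', '.vhd') {
        $findings.Add("Not a WIM or VHD file: $ImagePath")
    }

    [pscustomobject]@{ Ready = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample path; substitute the image you maintain.
$result = Test-DefenderImagePrereqs -ImagePath 'D:\Images\install.wim'
if ($result.Ready) {
    Write-Output 'Prerequisites met; proceed with DefenderUpdateWinImage.ps1.'
} else {
    $result.Findings | ForEach-Object { Write-Warning $_ }
}
```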
Find all the details in the MS Support article previously named. Do this before your next scheduled update window, for sure. Of course, this means you’re using Windows Defender as part of your security infrastructure.
MS Is BIG in Security
I just worked on a promotional piece for a joint Rubrik and Microsoft security webinar (YouTube video). Amazingly, MS describes itself as “the biggest cyber security company in the world” and did over US$20B in such business in 2022. I guess they do have some legs to stand on in this arena. And indeed, they’re doing all kinds of fascinating stuff with AI and ML to improve their security posture and incident response capabilities. Great stuff!