Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware

Microsoft continually updates security intelligence in antimalware products to cover the latest threats and to constantly tweak detection logic, enhancing the ability of Microsoft Defender Antivirus and other Microsoft antimalware solutions to accurately identify threats. This security intelligence works directly with cloud-based protection to deliver fast and powerful AI-enhanced, next-generation protection.

Microsoft security intelligence updates include software that incorporates material from third parties. Third-party notices and information

Automatic updates

To help ensure your antimalware solution detects the latest threats, get updates automatically as part of Windows Update. If you are having problems with Windows Update, use the troubleshooter.

If you don’t already use Microsoft Defender Antivirus, learn how to turn it on.

Trigger an update

A manually triggered update immediately downloads and applies the latest security intelligence. This process might also address problems with automatic updates. Microsoft Defender Antivirus and other Microsoft antimalware solutions provide a way to manually trigger an update.

In Windows 10, select Check for updates in the Windows Security Virus & threat protection screen to check for the latest updates.

Enterprise administrators can also push updates to devices in their network. To clear the current cache and trigger an update, use a batch script that runs the following commands as an administrator:

Manually download the update

You can manually download the latest update.

Latest security intelligence update

The latest security intelligence update is:

• Version: 1.335.1143.0
• Engine Version: 1.1.18000.5
• Platform Version: 4.18.2103.7
• Released: 4/18/2021 2:43:38 PM
• Documentation: Release notes

You need to download different security intelligence files for different products and platforms. Select the version that matches your Windows operating system or the environment where you will apply the update.

Note: Starting on Monday October 21, 2019, the Security intelligence update packages will be SHA2 signed.
Please make sure you have the necessary update installed to support SHA2 signing, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

Antimalware solution	Definition version
Microsoft Defender Antivirus for Windows 10 and Windows 8.1	32-bit | 64-bit | ARM
Microsoft Security Essentials	32-bit | 64-bit
Windows Defender in Windows 7 and Windows Vista	32-bit | 64-bit
Microsoft Diagnostics and Recovery Toolset (DaRT)	32-bit | 64-bit
System Center 2012 Configuration Manager	32-bit | 64-bit
System Center 2012 Endpoint Protection	32-bit | 64-bit
Windows Intune	32-bit | 64-bit

The links point to an executable file named mpam-fe.exe , mpam-feX64.exe , or mpas-fe.exe (used by older antispyware solutions). Simply launch the file to manually install the latest security intelligence.

End of life for Microsoft Forefront Client Security was on July 14, 2015. Customers are encouraged to migrate to System Center Endpoint Protection. For more information, visit the Microsoft support lifecycle website.

Network Inspection System updates

The following products leverage Network Inspection System (NIS) updates:

• Microsoft Security Essentials
• Forefront Endpoint Protection
• System Center 2012 Endpoint Protection

These updates are designed to protect you from network threats, including exploits as they are transmitted. Check the version of the Antimalware Client component on your security software and download the right version of the NIS updates for your platform.

Скачивание последних обновлений определений для Microsoft Security Essentials

Решение

Обратите внимание, что Microsoft Security Essentials должны быть установлены последние версии Microsoft Security Essentials вирусов и шпионских определений.

Перед установкой правильной версии обновления Microsoft Security Essentials вирусов и шпионских программ необходимо знать:

Будь то Windows XP, Windows Vista или Windows 7 в 32- или 64-битной операционной среде.

Вошли ли вы в Windows в качестве администратора.

Если вы не знаете тип среды Windows XP, Windows Vista или Windows 7 или вам нужна помощь с проверкой того, являетесь ли вы администратором на компьютере, перейдите на сайт «Проверка среды» и определите, вошли ли вы с помощью веб-сайта Майкрософт с учетной записью администратора.

После проверки операционной среды выполните следующие действия:

Скачайте Microsoft Security Essentials обновления вирусов и шпионских программ, подходящий для вашей версии Windows:

Скачать файл для 32-битной (на базе x86) версии Windows

Скачать файл для 64-битной версии Windows

Обратите внимание, что для запуска 64-Microsoft Security Essentials необходимо использовать 64-битную версию Microsoft Security Essentials. В 64-битной версии Windows есть 64-битные версии Windows.

Нажмите кнопку «Запустить», чтобы сразу установить файл обновления определения. Или нажмите кнопку «Сохранить», чтобы сохранить файл на компьютере. Если нажать кнопку«Сохранить», запомните папку, в которой вы сохранили файл.

Чтобы установить сохраненный файл, выполните следующие действия:

Windows XP
Дважды щелкните файл и нажмите кнопку «ОК».

Windows Vista или Windows 7
Щелкните файл правой кнопкой мыши и выберите «Запуск от администратора». При появлении запроса на ввод пароля администратора или подтверждения введите пароль или нажмите кнопку Продолжить.

При запуске файла обновления определения появляется диалоговое окно извлечения файла. В диалоговом окне указывается, что устанавливается обновление определения. После того как диалоговое окно извлечения файлов закроется, вы можете проверить, были ли обновлены определения вирусов и шпионского ПО. Для этого откройте Microsoft Security Essentials нажмите кнопку «Обновить»и проверьте состояние определений вирусов и шпионских программ.

Дополнительная информация

Устранение неполадок с обновлением Microsoft Security Essentials

Чтобы устранить проблему, из Microsoft Security Essentials не обновлялись автоматически, перейдите на следующий веб-сайт Майкрософт: устранение неполадок с обновлением Microsoft Security Essentials

Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, 1903, 1909, Windows Server 2016 and Windows Server 2019: February 11, 2020

This standalone security update has been removed due to an issue affecting a sub-set of devices. It will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note Removal of this standalone security update does not affect successful installation or any changes within any other February 11, 2020 security updates, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

Summary

This security update makes improvements to the supported Windows 10 versions listed in the «Applies to» section. Key changes include the following:

Addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability.

To learn more about this security update, see Microsoft Common Vulnerabilities and Exposures.

Known Issues

Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to desktop and receive the error “There was a problem resetting your PC”.

This standalone security update has been removed and will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:

Select the start button or Windows Desktop Search and type update history and select View your Update history.

On the Settings/View update history dialog window, Select Uninstall Updates.

On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.

Restart your device.

Upon restart use the “Reset this PC” feature and you should not encounter this issue.

We are working on an improved version of this update in coordination with our partners and will release it in a future update.

You might encounter issues trying to install or after installing KB4524244.

To help a sub-set of affected devices, this standalone security update has been removed and will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

If this update is installed and you are experiencing issues, you can uninstall this update.

Select the start button or Windows Desktop Search and type update history and select View your Update history.

On the Settings/View update history dialog window, Select Uninstall Updates.

On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.

Restart your device.

We are working on an improved version of this update in coordination with our partners and will release it in a future update.

How to get this update

Important This standalone security update has been removed due to an issue affecting a sub-set of devices. It will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note Removal of this standalone security update does not affect successful installation or any changes within any other February 11, 2020 security updates, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

Prerequisites

There are no prerequisites to apply this update.

Restart information

Your device does not have to restart when you apply this update. If you have Windows Defender Credential Guard (Virtual Secure Mode) enabled, your device will restart two times.

Update replacement information

This update does not replace any previously released update.

File information

Windows 10, version 1903 and Windows 10, version 1909

File attributes

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10, version 1809 and Windows Server 2019

File attributes

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10, version 1803

File attributes

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10, version 1709

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10, version 1703

File attributes

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10, version 1607 and Windows Server 2016

File attributes

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Security Update Guide FAQs

The Security Update Guide is the authoritative source of information for Microsoft security updates. The SUG helps IT professionals understand and use Microsoft security release information, processes, communications, and tools so they can manage organizational risk and develop a repeatable, effective deployment mechanism for security updates.

Accessing the Security Update Guide data: You can customize your views and download affected software spreadsheets, as well as access data via a RESTful API.

Security Update Guide tutorials: A series of Security Update API demo videos have been published on the Microsoft Support YouTube channel. The series will walk you through how to access the API and how to retrieve security update data using the API.

Microsoft schedules the release of security updates on «Patch Tuesday,» the second Tuesday of each month at 10:00 AM PST.

Depending on time zone(s) in which the organization operates, IT pros should plan their deployment schedules accordingly. Please note that there are some products that do not follow the Patch Tuesday schedule.

Microsoft sends out a notification whenever there is material information that affects customers’ security. If security changes are required, Microsoft releases a security update which includes all of its supporting collateral such as the Security Update Guide and Knowledge Base article. Otherwise, Microsoft communicates via several methods (for example, a security advisory or a blog post) on the matter that affects customers’ security and provides guidance along the way.

Microsoft Technical Security Notification Services

Microsoft’s free monthly Security Notification Service provides links to security-related software updates and notification of re-released security updates. You can choose between basic and comprehensive formats. These notifications are written for IT professionals, contain in-depth technical information, and are digitally-signed with PGP.

Microsoft Security Response Center (MSRC) blog alerts

The MSRC blog provides a real-time way for the MSRC to communicate with IT pros. The MSRC uses this blog to disseminate important and material security communications to help IT pros understand Microsoft security response efforts; updates during the early stages of security incidents; and regular postings for the vulnerabilities release cycle: https://msrc-blog.microsoft.com/

MSRC Twitter: @msftsecresponse

MSRC uses a verified Twitter account to post brief notifications about security updates, security advisories and other security issues. Follow @msftsecresponse for fast access to the latest information.

Unfortunately not. Our current system accepts only Microsoft accounts, which cannot be created with work or school emails.

Microsoft subjects all security updates to extensive research, development, and testing processes, and released only when they meet an acceptable level of quality. As part of the risk assessment process, administrators often want to identify any known issues. Typically, these issues will be documented in Knowledge Base articles associated with the security updates at support.microsoft.com. These Knowledge Base articles accompany all security updates and advisories, and include caveats or known issues with security updates. Additionally, support engineers document common concerns from customers in these KB articles.

These Knowledge Base articles are published the Security Update Guide with each release on Patch Tuesday.

Yes. Microsoft publishes localized security update release information on the Security Update Guide.

Yes. You can find acknowledgements in the CVE Detail sections of the Security Update Guide. You can also see a list of all Acknowledgements here: https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments

Microsoft has made the strategic decision to follow the CVRF Industry Standard for vulnerability reporting. You can learn more about CVRF and review the data schema at http://www.icasi.org/cvrf/

The Security Update Guide dashboard is available without logging in. If you click the Developer tab to access the API, you’ll be prompted to log in to your Microsoft account.

Thanks! You can post suggestions on the Security Update Guide Feedback Form.

In the Security Update Guide, you can group related updates by combining the date filter with Product Category, Severity, and Impact filters. You can then download the results to CSV.

To help customers understand the risk associated with each vulnerability, Microsoft provides the following data on the Security Update Guide:

• Impact: security threats of the vulnerability.
• Severity: Maximum potential impact of the attack. See more at Security Update Severity Rating System
• CVSS Score: Common Vulnerability Scoring System (CVSS)
• Publicly Disclosed: Marked YES when the vulnerability has been publicly disclosed before the release of the security update.
• Exploited: Marked YES when the vulnerability has been exploited before the release of the security update.
• Microsoft Exploitability Index: Potential exploitability of each vulnerability of Important or Critical severity associated with a Microsoft security update. See more at Microsoft Exploitability Index

Additional Microsoft resources to evaluate risk:

Windows Update and Microsoft Update

• Security Updates are generally categorized as Important and will be downloaded and installed automatically.

Microsoft Update Catalog

• To get the standalone package for security update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Installation Logic: ​With automatic update technologies, detection and installation logic automatically manages the installation order of security updates. If you manually install security updates, please make sure to check the Security Update Guide and Knowledge Base article before installing.

Patch compliance: Windows Update Agent (WUA) can be used to scan computers for security updates without connecting to Windows Update or to a Windows Server Update Services (WSUS) server, which enables computers that are not connected to the Internet to be scanned for security updates. For more info, see “Using WUA to Scan for Updates Offline”

File size of security update: File size of each security update package is documented on the Windows Update catalog site.

Servicing Models of Windows: Windows uses a rollup model to bring a more consistent and simplified servicing experience. Learn more about the servicing model of Windows at:

Please see this guided walkthrough which provides steps to fix problems with Windows Update, such as taking a long time to scan or error codes while installing updates.

Also, Windows Release Information publishes known issues on Windows.

The way Microsoft documents security updates has changed. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, has been retired and replaced with the Security Update Guide. Instead of bulletin IDs, the new guide pivots on vulnerability ID numbers (CVE) and KB Article ID numbers.

Updates will be supported for the duration of the product’s lifecycle. For more information about the support and servicing timeline for a specific product, please see the Lifecycle Product Database.

Support end-day policy: In the event Microsoft releases a security update on the same day that a product is scheduled to end its lifecycle, security update supports will continue for a minimum of 30 days.

Extended Security Updates: The Security Update Guide lists the vulnerabilities in the products with the Extended Security Updates. In order to receive the security updates, valid license for the Extended Security Updates is required. Please see the Extended Security Update FAQs for more information.