CyberSecurityBoard
Sponsor Register Login

Microsoft's Symlink Patch Created New Windows DoS Vulnerability

Standard users can create these junction points on many default-configured systems, potentially preventing critical security updates from being installed system-wide. Security researcher Kevin Beaumont has discovered that this fix introduces a denial of service vulnerability that allows non-administrator users to block Windows security updates permanently. Beaumont found that through a simple command line operation, users can create a junction point (a type of file system redirection in Windows) that breaks the update mechanism. To mitigate this vulnerability, Microsoft implemented a fix that automatically creates a folder named “inetpub” on the system drive of all Windows systems, regardless of whether Internet Information Services (IIS) is installed. “After that point, the April 2025 Windows OS update (and future updates, unless Microsoft fix it) fail to ever install — they error out and/or roll back. Once this junction is established, Windows Update encounters errors when trying to interact with the folder, causing updates to fail or roll back. “Non-admin (and admin) users can create junction points in c:” Beaumont explained in his research. The flaw involved improper link resolution before file access (‘link following’) in the Windows Update Stack that allowed an authorized attacker to escalate privileges locally. Microsoft explicitly warned users not to delete this folder, as it’s an integral part of the security enhancement. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Security experts warn that this could be easily scripted and deployed by malware or malicious actors seeking to keep systems vulnerable to other exploits. Until Microsoft addresses this issue, system administrators are advised to monitor the system drive for unusual junction points. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. This unintended consequence of the patch highlights the complexities of software security and the persistent challenge of preventing unforeseen vulnerabilities.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 25 Apr 2025 08:45:05 +0000


Cyber News related to Microsoft's Symlink Patch Created New Windows DoS Vulnerability

15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
1 month ago Cybersecuritynews.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
9 months ago Heimdalsecurity.com
Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
6 months ago Bleepingcomputer.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
1 year ago Techtarget.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
2 years ago Bleepingcomputer.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
How to conduct security patch validation and verification - Validation and verification are important steps in the security patch management lifecycle. They help to determine the impact of a patch on the security and efficiency of an organization's IT assets. Patch validation is the process of examining newly ...
1 year ago Techtarget.com
Microsoft: Windows 'inetpub' folder created by security fix, don’t delete - While Redmond still has to explain why the security updates are creating this folder in the first place, the company updated the advisory for a Windows Process Activation elevation of privilege vulnerability (tracked as CVE-2025-21204) overnight to ...
2 weeks ago Bleepingcomputer.com CVE-2025-21204
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com
Getting a Remote Desktop Freeze? Microsoft Fixes Windows 11 Issue - Microsoft has released a patch to fix the Remote Desktop freeze bug in Windows 11. This bug caused computers to freeze after some users tried to connect using the Remote Desktop protocol. Microsoft's technical support team has been working on the ...
2 years ago Bleepingcomputer.com
January 2024 Patch Tuesday forecast: A Focus on Printing - This article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. December 2023 Patch Tuesday ...
1 year ago Helpnetsecurity.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws - Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in Windows Fast FAT Driver that, when exploited, allows an attacker to execute code. Microsoft says that this remote code execution ...
1 month ago Bleepingcomputer.com
How to Download the Windows 11 KB5022360 Preview Update with 15 Improvements? - Are you looking to download the Windows 11 KB5022360 Preview update with 15 improvements? Microsoft has recently released the preview of the Windows 11 KB5022360 update that contains several improvements and fixes, including nine security updates, to ...
2 years ago Bleepingcomputer.com
Windows 10 KB5035845 update released with 9 new changes, fixes - Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. After installing this mandatory Windows 10 cumulative update, the March 2024 Patch Tuesday security updates ...
1 year ago Bleepingcomputer.com
Microsoft unveils new 'Sudo for Windows' feature in Windows 11 - Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. The company is also working on open-sourcing the new tool and recommends Gerardo Grignoli's ...
1 year ago Bleepingcomputer.com
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File - Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be ...
1 year ago Darkreading.com CVE-2023-35384 CVE-2023-23397 Fancy Bear
Microsoft Will Charge for Windows 10 Security Updates in 2025 - All good things must come to an end, and a decade after its first release, Windows 10 will finally be sent to a farm upstate. It had a good run, though Microsoft plans to keep dropping security updates after the OS' demise on Oct. 14, 2025. Just be ...
1 year ago Packetstormsecurity.com
Microsoft's Symlink Patch Created New Windows DoS Vulnerability - Standard users can create these junction points on many default-configured systems, potentially preventing critical security updates from being installed system-wide. Security researcher Kevin Beaumont has discovered that this fix introduces a denial ...
7 hours ago Cybersecuritynews.com
Windows "inetpub" security fix can be abused to block future updates - After people installed this month's Microsoft Patch Tuesday security updates, Windows users suddenly found an "inetpub" folder owned by the SYSTEM account created in the root of the system drive, normally the C: drive. In an update to a security ...
1 hour ago Bleepingcomputer.com CVE-2025-21204

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)