Windows "inetpub" security fix can be abused to block future updates

After people installed this month's Microsoft Patch Tuesday security updates, Windows users suddenly found an "inetpub" folder owned by the SYSTEM account created in the root of the system drive, normally the C: drive. It was strange to see this folder created as it is normally used to hold files associated with Microsoft's Internet Information Services web server, which was not installed on these devices.

In an update to a security advisory, Microsoft later confirmed that the C:\inetpub folder was part of a fix for a Windows Process Activation elevation of privilege vulnerability tracked as CVE-2025-21204, with the company warning not to delete the folder. "After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device," confirmed Microsoft.

However, cybersecurity expert Kevin Beaumont has demonstrated that this folder can be abused to prevent further Windows updates from being installed if it is created a certain way. A recent Windows security update that creates an ‘inetpub’ folder has introduced a new weakness allowing attackers to prevent the installation of future updates. "I've discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates," says Kevin Beaumont.

In a new report, Beaumont says that Windows users, even those without administrative privileges, can create a junction between C:\inetpub and a Windows file, like C:\windows\system32\notepad.exe, using the following command. A Windows junction is a special type of folder that redirects access to another folder on the same or another drive, making it appear as though the content exists in both locations.

When asked why this junction is preventing the update from being installed, Beaumont says he believes it's because the update expects a folder rather than a file.
"It works with basically any file, I think it's because the servicing stack expects c:\inetpub to be a directory - but mklink allows you to make a junction to a file," Beaumont told BleepingComputer.
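
A defender can check for the condition described above by confirming that the folder exists, is a plain directory rather than a junction or symlink, and is owned by SYSTEM. The following read-only PowerShell audit is an added example, not code from the article, Microsoft, or Beaumont; the function name `Test-InetpubFolder` is hypothetical, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the article): read-only audit of the inetpub folder.
# Test-InetpubFolder is a hypothetical name; the function changes nothing on disk.
function Test-InetpubFolder {
    [CmdletBinding()]
    param(
        # Per the Microsoft quote above, the folder lives at %systemdrive%\inetpub.
        [string]$Path = (Join-Path "$env:SystemDrive\" 'inetpub')
    )

    $report = [ordered]@{
        Path = $Path; Exists = $false; IsReparsePoint = $false
        LinkType = $null; Target = $null; OwnerSid = $null; Findings = @()
    }

    # -Force so hidden or system items are returned as well.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        $report.Findings += 'Path is missing; Microsoft advises not to delete the folder.'
        return [pscustomobject]$report
    }
    $report.Exists = $true

    if (-not $item.PSIsContainer) {
        $report.Findings += 'Path is a file, not a directory.'
    }

    # A junction or symlink carries the ReparsePoint attribute on the link itself.
    if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
        $report.IsReparsePoint = $true
        $report.LinkType = $item.LinkType
        $report.Target = $item.Target -join ';'
        $report.Findings += 'Path is a junction or symlink, not a plain directory.'
        return [pscustomobject]$report
    }

    try {
        # Compare by SID so the check also works on localized Windows builds.
        $acl = Get-Acl -LiteralPath $Path
        $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
        $report.OwnerSid = $sid.Value
        if ($sid.Value -ne 'S-1-5-18') {
            $report.Findings += 'Owner is not SYSTEM (S-1-5-18).'
        }
    } catch {
        $report.Findings += "Could not read owner: $($_.Exception.Message)"
    }
    return [pscustomobject]$report
}

Test-InetpubFolder | Format-List
```

An empty `Findings` list means the path is an ordinary SYSTEM-owned directory, as the article describes for a correctly patched system.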

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 25 Apr 2025 14:25:07 +0000

