Daily Archives: April 25, 2025

  • Inetpub can be tricked

    Posted on April 25, 2025 at 13:09 CDT by Comment in the Forums

    Kevin Beaumont is out this morning with news that the inetpub folder fix introduces another bug:

    To fix this, Microsoft precreates the c:\inetpub folder on all Windows systems from April 2025’s Windows OS updates onwards.

    However, I’ve discovered this fix introduces a denial-of-service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates.

    He indicates that admin and non admin users (uh, more like attackers) can create a junction point or symbolic link between the folder and any other application. You go to install the next windows update and voila — the security update won’t install. Now, you and I would know something was up and eventually come to the point of doing a repair over the top, as I often recommend. In a business setting, however, that machine might remain unpatched for a while and thus remain open to attacks.

    Microsoft, can you spell “unintended consequences?”

    Windows Security , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.