Newsletter Archives
-
Inetpub can be tricked
Kevin Beaumont is out this morning with news that the inetpub folder fix introduces another bug:
To fix this, Microsoft precreates the c:\inetpub folder on all Windows systems from April 2025’s Windows OS updates onwards.
However, I’ve discovered this fix introduces a denial-of-service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates.
He indicates that admin and non-admin users (uh, more like attackers) can create a junction point or symbolic link between the folder and any other application. You go to install the next Windows update and voila — the security update won’t install. Now, you and I would know something was up and eventually come to the point of doing a repair over the top, as I often recommend. In a business setting, however, that machine might remain unpatched for a while and thus remain open to attacks.
Microsoft, can you spell “unintended consequences?”
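A defender-side check for the condition described above, as an added example that is not part of the original post or of Microsoft's guidance: it reports whether the inetpub folder on the system drive is a plain directory or a junction/symbolic link. The function name Test-InetpubFolder and the wording of the findings are hypothetical.

```powershell
# Added example (not from the original post). Read-only audit of the inetpub folder.
# Assumption: the folder of interest is <SystemDrive>\inetpub, as named on the page.
function Test-InetpubFolder {
    param([string]$Path = "$env:SystemDrive\inetpub")

    $r = [ordered]@{
        Path = $Path; Exists = $false; IsReparsePoint = $false
        LinkType = $null; Target = $null; Owner = $null; Finding = $null
    }

    # -Force returns hidden/system items; Get-Item inspects the link itself, not its target.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        $r.Finding = 'Missing: folder is absent.'
        return [pscustomobject]$r
    }

    $r.Exists         = $true
    $r.IsReparsePoint = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
    $r.LinkType       = $item.LinkType              # Junction, SymbolicLink, or empty
    $r.Target         = ($item.Target -join '; ')   # where the link points, if it is one

    # Owner is reported for review only; the page does not state the expected owner.
    try   { $r.Owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
    catch { $r.Owner = "unreadable: $($_.Exception.Message)" }

    if ($r.IsReparsePoint) {
        $r.Finding = 'Reparse point: junction or symbolic link in place of the folder.'
    } elseif (-not $item.PSIsContainer) {
        $r.Finding = 'Not a directory: a file occupies the path.'
    } else {
        $r.Finding = 'Plain directory.'
    }
    return [pscustomobject]$r
}

Test-InetpubFolder | Format-List
```

In a business setting, the same function can be run through whatever management tooling is already in place, alerting when IsReparsePoint is true.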
-
Blank Inetpub folder
The other day, Microsoft created the inetpub folder in the system drive as part of a mitigation for CVE-2025-21204. It applies to all versions of Windows. I spotted a news article about the proof of concept with an explanation from the security researcher.
It’s an interesting read and includes some additional hardening suggestions if you think you might be at risk of attack. The research recommends:
Restrict ACLs on C:\ProgramData\Microsoft\UpdateStack
I do not see this as a risk for consumers. It’s a risk for targeted businesses. For the vast majority of patchers, merely installing the update is good enough.
It does reinforce something that my early testing did not reveal — if you accidentally remove the folder, it will be back again next month. Obviously, Microsoft wants it there for a reason.
-
April’s deluge of patches
PATCH WATCH
By Susan Bradley
It’s a good thing we no longer receive individual updates fixing each unique vulnerability. If we did, we’d be calling “uncle” right about now.
Historically, the number of patches released each April tends to be large. I attribute this to the final end of the holiday slump, when the folks at Microsoft are back up to full steam and working on fixes with gusto.
This time around, there are 124 vulnerabilities in Windows, Office, Azure, .NET, Visual Studio, BitLocker, Kerberos, Windows Hello, OpenSSH, and Windows’ Lightweight Directory Access Protocol (LDAP).
Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).