Microsoft recently patched CVE-2025–21204, a vuln which allows users to abuse symlinks to elevate privileges using the Windows servicing stack and the c:\inetpub folder. ..
To fix this, Microsoft precreates the c:\inetpub folder on all Windows systems from April 2025’s Windows OS updates onwards.
However, I’ve discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates…
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
inetpub : Microsoft’s patch for CVE-2025–21204 introduces vulnerability
- This topic has 0 replies, 1 voice, and was last updated 1 month ago.
Author
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Office gets current release
by 1 hour, 51 minutes ago
-
FBI: Still Using One of These Old Routers? It’s Vulnerable to Hackers
by 7 hours, 13 minutes ago
-
Windows AI Local Only no NPU required!
by 3 hours, 58 minutes ago
-
Stop the OneDrive defaults
by 8 hours, 2 minutes ago
-
Windows 11 Insider Preview build 27868 released to Canary
by 17 hours, 58 minutes ago
-
X Suspends Encrypted DMs
by 20 hours, 10 minutes ago
-
WSJ : My Robot and Me AI generated movie
by 20 hours, 28 minutes ago
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
by 21 hours, 5 minutes ago
-
OpenAI model sabotages shutdown code
by 21 hours, 42 minutes ago
-
Backup and access old e-mails after company e-mail address is terminated
by 9 hours, 52 minutes ago
-
Enabling Secureboot
by 16 hours, 52 minutes ago
-
Windows hosting exposes additional bugs
by 1 day, 5 hours ago
-
No more rounded corners??
by 1 day, 1 hour ago
-
Android 15 and IPV6
by 15 hours, 10 minutes ago
-
KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys
by 1 day, 17 hours ago
-
T-Mobile’s T-Life App has a “Screen Recording Tool” Turned on
by 1 day, 20 hours ago
-
Windows 11 Insider Preview Build 26100.4202 (24H2) released to Release Preview
by 1 day, 15 hours ago
-
Windows Update orchestration platform to update all software
by 2 days, 3 hours ago
-
May preview updates
by 1 day, 15 hours ago
-
Microsoft releases KB5061977 Windows 11 24H2, Server 2025 emergency out of band
by 1 day, 6 hours ago
-
Just got this pop-up page while browsing
by 1 day, 20 hours ago
-
KB5058379 / KB 5061768 Failures
by 1 day, 17 hours ago
-
Windows 10 23H2 Good to Update to ?
by 19 hours, 25 minutes ago
-
At last – installation of 24H2
by 2 days, 19 hours ago
-
MS-DEFCON 4: As good as it gets
by 16 hours, 12 minutes ago
-
RyTuneX optimize Windows 10/11 tool
by 3 days, 7 hours ago
-
Can I just update from Win11 22H2 to 23H2?
by 1 day, 6 hours ago
-
Limited account permission error related to Windows Update
by 3 days, 21 hours ago
-
Another test post
by 3 days, 21 hours ago
-
Connect to someone else computer
by 3 days, 15 hours ago
Remembering Woody
