Microsoft's official 'inetpub' folder lets hackers permanently block Windows updates on PCs


Wolfzz

Wolfzz

Well-known member
Pro User
VIP
Local time
12:20 AM
Posts
1,098
Location
Perth Australia
OS
Windows 11 Pro

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel Core i9 12900KF
    Motherboard
    ASUS ROG Maximus Z690 Hero
    Memory
    Corsair 64GB DDR5 Vengeance C40 5200Mhz
    Graphics Card(s)
    ASUS GeForce RTX 3090 ROG Strix OC 24GB
    Sound Card
    OnBoard
    Monitor(s) Displays
    Acer Predator XB323UGP 32" QHD G-SYNC-C 144Hz 1MS IPS LED
    Screen Resolution
    2560 x 1440
    Hard Drives
    1x Samsung 980 Pro Series Gen4 250GB M.2 NVMe
    1x Samsung 980 Pro Series Gen4 500GB M.2 NVMe
    2x Samsung 980 Pro Series Gen4 2TB M.2 NVMe
    PSU
    Corsair AX1200i 1200W 80PLUS Titanium Modular
    Case
    Corsair 4000D Black Case w/ Tempered Glass Side Panel
    Cooling
    Noctua NH-U12A Chromax Black CPU Cooler, 4x Noctua 120mm Fans
    Keyboard
    Logitech MK545
    Mouse
    Logitech MX Master 3
    Internet Speed
    Fixed Wireless 150mbps/75mbps
    Browser
    Firefox
    Antivirus
    Kaspersky
    Other Info
    Thrustmaster TS-PC RACER
    Fanatec CSL Elite Pedals with the Load Cell Kit
    Yamaha Amp with Bose Speakers
Waiting to hear more about this one.
 

My Computer

System One

  • OS
    Win 7/10/11
    Computer type
    PC/Desktop
    Other Info
    I'm a computer enthusiast so have quite a few systems that I run. More like an advanced hobby.
"For this vulnerability to be exploited, cybercriminals need to gain regular access to a Windows machine...." :smirk:
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    ASUSTeK COMPUTER INC. TUF Gaming FX705GM
    CPU
    2.20 gigahertz Intel i7-8750H Hyper-threaded 12 cores
    Motherboard
    ASUSTeK COMPUTER INC. FX705GM 1.0
    Memory
    24428 Megabytes
    Graphics Card(s)
    Intel(R) UHD Graphics 630 / NVIDIA GeForce GTX 1060
    Sound Card
    Intel(R) Display Audio / Realtek(R) Audio
    Monitor(s) Displays
    Integrated Monitor (17.3"vis)
    Screen Resolution
    FHD 1920X1080 16:9
    Hard Drives
    2 SSD SATA/NVM Express 1.3
    WDS500G2B0A-00SM50 500.1 GB
    WDCSDAPNUW-1002 256 GB
    PSU
    19V DC 6.32 A 120 W
    Cooling
    Dual Fans
    Mouse
    MS Bluetooth
    Internet Speed
    Fiber 1GB Cox -us & IGB Orange-fr
    Browser
    Edge Canary- Firefox Nightly-Chrome Dev-Chrome Dev
    Antivirus
    Windows Defender
    Other Info
    VMs of Windows 11 stable/Beta/Dev/Canary
    VM of XeroLinux- Arch based & Debian 13 (Trixie)
  • Operating System
    Windows 11 Insider Canary
    Computer type
    Laptop
    Manufacturer/Model
    ASUS X751BP
    CPU
    AMD Dual Core A6-9220
    Motherboard
    ASUS
    Memory
    8 GB
    Graphics card(s)
    AMD Radeon R5 M420
    Sound Card
    Realtek
    Monitor(s) Displays
    17.3
    Screen Resolution
    1600X900 16:9
    Hard Drives
    1TB 5400RPM
OAT said:
"For this vulnerability to be exploited, cybercriminals need to gain regular access to a Windows machine...." :smirk:
Click to expand...
I read that and my initial thought was "what is regular access?" Physical access or access via electronic means?
 

My Computer

System One

  • OS
    Win 7/10/11
    Computer type
    PC/Desktop
    Other Info
    I'm a computer enthusiast so have quite a few systems that I run. More like an advanced hobby.
Probably they get access with a Trojan horse that user install
 

My Computers

System One System Two

  • OS
    Windows 11 Pro - Windows 7 HP 64 - Lubuntu
    Computer type
    PC/Desktop
    Manufacturer/Model
    custom build
    CPU
    i5 6600K - 800MHz to 4400MHz
    Motherboard
    GA-Z170-HD3P
    Memory
    4+4G GSkill DDR4 3000
    Graphics Card(s)
    IG - Intel 530
    Monitor(s) Displays
    Samsung 226BW
    Screen Resolution
    1680x1050
    Hard Drives
    (1) -1 SM951 – 128GB M.2 AHCI PCIe SSD drive for Win 11
    (2) -1 WD SATA 3 - 1T for Data
    (3) -1 WD SATA 3 - 1T for backup
    (4) -1 BX500 SSD - 128G for Windows 7 and Lubuntu
    PSU
    Thermaltake 450W TR2 gold
    Keyboard
    Old and good Chicony mechanical keyboard
    Mouse
    Logitech mX performance - 9 buttons (had to disable some)
    Internet Speed
    500 Mb/s
    Browser
    Firefox 64
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Asus Q550LF
    CPU
    i7-4500U 800- 3000MHz
    Motherboard
    Asus Q550LF
    Memory
    (4+4)G DDR3 1600
    Graphics card(s)
    IG intel 4400 + NVIDIA GeForce GT 745M
    Sound Card
    Realtek
    Monitor(s) Displays
    LG Display LP156WF4-SPH1
    Screen Resolution
    1920 x 1080
    Hard Drives
    BX500 120G SSD for Windows and programs
    & 1T HDD for data
    Internet Speed
    500 Mb/s
    Browser
    Firefox 64
i changed all the permissions on that folder that could be changed so no one had access
then i deleted the inetpub folder from all (4) windows systems. it will remain that way.

best of luck, Steve ..
 

My Computers

System One System Two

  • OS
    Windows 11 24H2 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    Internet Speed
    900MB full fibre
    Browser
    Firefox ESR & Thunderbird
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
  • Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Gerenic 3 button
    Internet Speed
    WiFi only
    Browser
    FireFox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
The article cited by ghacks says:

Non-admin (and admin) users can create junction points in c:\

So a non-admin user can just do Windows+R, cmd, and then run:

mklink /j c:\inetpub c:\windows\system32\notepad.exe

This creates a symlink between c:\inetpub and notepad. After that point, April 2025 Windows OS update (and future updates, unless Microsoft fix it) fail to ever install — they error out and/or roll back. So you just go without security updates.
Click to expand...

Which you can do if c:\inetpub doesn't exist. If it does this won't work.

Although the underlying API does allow any user with WRITE_ATTRIBUTES permission to change an existing empty folder, mklink insists on creating a new folder. But if the folder already exists and you don't have WRITE_ATTRIBUTES permissions a special tool still wouldn't help.

If you have admin rights you can already do anything you like. Creating a file in the folder which explained what it was doing and didn't have write or delete permissions for administrators wouldn't stop the determined, but might discourage "clearing up".

So I think we can ignore this. Provided we have the folder there with the forest permissions.
 
Last edited:

My Computer

System One

  • OS
    Windows 11 23H2 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI
    CPU
    i3-1215U
    Memory
    8GB
    Monitor(s) Displays
    Dell S2721
    Screen Resolution
    3840x2160
    PSU
    External 65W
    Keyboard
    Cherry mechanical (Blue)
    Mouse
    Microsoft
    Browser
    FireFox
    Antivirus
    MS
Just another epic failure of MS software engineering
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self build
    CPU
    Core i7-13700K
    Motherboard
    Asus TUF Gaming Plus WiFi Z790
    Memory
    64 GB Kingston Fury Beast DDR5
    Graphics Card(s)
    Gigabyte GeForce RTX 2060 Super Gaming OC 8G
    Sound Card
    Realtek S1200A
    Monitor(s) Displays
    Viewsonic VP2770
    Screen Resolution
    2560 x 1440
    Hard Drives
    Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
    PSU
    EVGA SuperNova G2 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft Digital Media Pro
    Mouse
    Logitech Wireless
    Internet Speed
    50 Mb / s
    Browser
    Chrome
    Antivirus
    Defender
Like everything else that comes along, everyone is getting their panties in a wad and immediately panicking and deleting the folder. If there is a hole caused by the addition of this folder, don't you think it is a top priority with MS to fix the vulnerability. Chill a few days and give them a chance, folks. According to bleepingcomputer, MS has said we should NOT delete the folder.
While Redmond still has to explain why the security updates are creating this folder in the first place, the company updated the advisory for a Windows Process Activation elevation of privilege vulnerability (tracked as CVE-2025-21204) overnight to warn users not to delete the new empty inetpub folder on their hard drives.

source: Microsoft: Windows 'inetpub' folder created by security fix, don’t delete
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.3775
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 nvme+256gb SKHynix m.2 nvme /External drives 512gb Samsung m.2 sata+1tb Kingston m2.nvme+ 4gb Solidigm nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
You must log in or register to reply here.

Latest Support Threads

Latest Tutorials

Back
Top Bottom