Earlier this month, users discovered a rather mysterious "inetpub" folder. They also noticed that nothing bad seemed to happen if they deleted it, at least not visibly. However, when asked about it, Microsoft cautioned users not to do so.
The company explained that the folder was automatically created as a byproduct of the recent symlink escalation of privilege flaw it patched with the April 2025 Patch Tuesday updates (Windows 11 / Windows 10). The security vulnerability is tracked under CVE-2025-21204.
Symlinks, or symbolic links, also called soft links, are a type of link file that acts as a pointer to another file or directory. A symlink therefore carries a filesystem path to its target file or directory. However, they are also open to exploitation by threat actors, as they do not require elevated privileges.
Now there is new trouble with this seemingly harmless inetpub folder. While Microsoft rightly patched the issue, security researcher Kevin Beaumont discovered that the newly introduced inetpub folder can let non-administrators permanently block Windows updates by creating another new symlink.
He explains, using the example of how the "mklink /j" command can be used to create a directory junction:
Microsoft recently patched CVE-2025-21204, a vuln which allows users to abuse symlinks to elevate privileges using the Windows servicing stack and the c:\inetpub folder.
To fix this, Microsoft precreates the c:\inetpub folder on all Windows systems from April 2025’s Windows OS updates onwards.
However, I’ve discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates.
...
So a non-admin user can just do Windows+R, cmd, and then run:
mklink /j c:\inetpub c:\windows\system32\notepad.exe
This creates a symlink between c:\inetpub and notepad. After that point, April 2025 Windows OS update (and future updates, unless Microsoft fix it) fail to ever install — they error out and/or roll back. So you just go without security updates.
Beaumont adds that he reached out to the MSRC (Microsoft Security Research Center) team but has not heard back about it. The company will most likely be aware of the newly introduced flaw, though, and will likely release a subsequent patch for it. We will update when that happens.
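A read-only check an administrator can run to see whether c:\inetpub is still a plain directory or has been replaced by a junction or symlink, as in the scenario described above. This is an added example, not code from Beaumont or Microsoft; the function name Test-InetpubFolder and the verdict strings are made up for illustration.

```powershell
# Added example: audit C:\inetpub for the junction/symlink condition.
# Read-only: it inspects the item and changes nothing on disk.
function Test-InetpubFolder {
    param([string]$Path = 'C:\inetpub')

    $result = [ordered]@{
        Path      = $Path
        Exists    = $false
        IsReparse = $false
        LinkType  = $null
        Target    = $null
        Owner     = $null
        Verdict   = 'Missing'
    }

    # -Force returns hidden/system items; Get-Item describes the link itself
    # rather than whatever it points to.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { return [pscustomobject]$result }

    $result.Exists    = $true
    $result.IsReparse = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
    $result.LinkType  = $item.LinkType            # 'Junction', 'SymbolicLink' or empty
    $result.Target    = $item.Target -join ';'    # collection in 5.1, string in 7+

    # Reading the ACL can fail when a junction points at something invalid,
    # so record the failure instead of stopping the audit.
    try   { $result.Owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
    catch { $result.Owner = "unreadable: $($_.Exception.Message)" }

    if ($result.IsReparse) {
        $result.Verdict = 'ReparsePoint'          # junction or symlink: investigate
    } elseif (-not $item.PSIsContainer) {
        $result.Verdict = 'NotADirectory'
    } else {
        $result.Verdict = 'PlainDirectory'
    }
    return [pscustomobject]$result
}

Test-InetpubFolder | Format-List
```

A verdict of ReparsePoint, together with the reported Target and Owner, shows where the link points and which account owns it.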