CVSSv4: NA | CVSSv3: 7.8 | CVSSv2: NA | VMScore: 880 | EPSS: 0.00064 | KEV: Not Included
Published: 08/04/2025 Updated: 08/04/2025
Vulnerability Summary
Local Privilege Escalation in Windows Update Stack via Link Following
The Windows Update Stack contains a privilege escalation vulnerability caused by improper link resolution before file access (link following). An authorized local attacker can potentially exploit this weakness to gain elevated privileges on the system. An attacker who already has limited access to the system can manipulate how links are resolved, potentially enabling unauthorized privilege elevation within the Windows Update environment.
Vulnerable Product
microsoft windows server 2025
microsoft windows server 2025 (server core installation)
microsoft windows 10 version 1809
microsoft windows server 2019
microsoft windows server 2019 (server core installation)
microsoft windows server 2022
microsoft windows 10 version 21h2
microsoft windows 11 version 22h2
microsoft windows 10 version 22h2
microsoft windows 11 version 22h3
microsoft windows 11 version 23h2
microsoft windows server 2022, 23h2 edition (server core installation)
microsoft windows 11 version 24h2
microsoft windows 10 version 1507
microsoft windows 10 version 1607
microsoft windows server 2016
microsoft windows server 2016 (server core installation)
microsoft windows server 2008 service pack 2
microsoft windows server 2008 service pack 2 (server core installation)
microsoft windows server 2008 r2 service pack 1
microsoft windows server 2008 r2 service pack 1 (server core installation)
microsoft windows server 2012
microsoft windows server 2012 (server core installation)
microsoft windows server 2012 r2
microsoft windows server 2012 r2 (server core installation)
Windows "inetpub" security fix can be abused to block future updates
By Lawrence Abrams, April 25, 2025 10:23 AM
A recent Windows security update that creates an ‘inetpub’ folder has introduced a new weakness allowing attackers to prevent the installation of future updates. After people installed this month's Microsoft Patch Tuesday security updates, Windows users suddenly found an "inetpub" folder owned by the SYSTEM account created in the root of the system drive, normally the C: drive. I...
Microsoft: Windows 'inetpub' folder created by security fix, don’t delete
By Sergiu Gatlan, April 11, 2025 10:32 AM
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. This folder is typically used by Microsoft's Internet Information Services (IIS), a web server platform that can be enabled via the Windows Features dialog to host websites and web apps. However, after installing this month's cumulati...
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
By Lawrence Abrams, April 8, 2025 01:50 PM
Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday also fixes eleven "Critical" vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerabi...
Copilot vibe coding for OS development? Why not
Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended you leave the directory there. The folder, typically C:\inetpub, is empty and related to Microsoft's Internet Information Services (IIS). It will be created when you install the security patches whether or not you're using that optional web server. The purpose of the folder is to mitigate a...
This one weird trick can stop Windows updates dead in their tracks
Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates. The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft's mitigation for CVE-2025-21204, an exploitable elevation-of-privileges flaw within Windows Process Activation. Rather than patching code directly, Redmond simply pre-created the fol...