Latest news with #CVE-2025-21204


Forbes
2 days ago
Microsoft Issues Critical Windows Update—Do Not Delete This
You won't like this. If you're at risk from this Windows security vulnerability, the fix is a nightmare unless you're a fairly expert user. That's not ideal, and it's all down to an update quietly installed on your PC without explanation in April. You may recall the awkward saga of the 'inetpub' folder and 'Microsoft's confusing messaging on deleting or not deleting this mysterious folder on your PC that could leave you and your PC at risk.' Plenty of users deleted the folder that suddenly turned up. 'After installing this update or a later Windows update,' Microsoft later explained, the new folder will appear on your device. 'This folder should not be deleted.' This empty folder, Windows Latest explains, 'is typically associated with Internet Information Services (IIS), which is a native Windows service that allows developers to host websites or apps on Windows 11.' The empty folder appeared without explanation. 'Some of us assumed that it's a bug with the cumulative update and deleted the folder.' Now we have news of an actual fix. 'If you deleted the 'inetpub' folder, created after Windows April 2025 updates,' Windows Latest warns, 'you need to immediately bring it back.' You can turn on the IIS service or 'use a new PowerShell script.' Only after all those deletions did the explanation come. The 'inetpub' folder 'is created as part of a security patch for CVE-2025-21204,' Windows Latest says, 'and it doesn't matter whether IIS is turned on or not. It'll show up, and you're not supposed to delete it, and if you deleted it, please bring it back, according to Microsoft.' You can turn on IIS, 'however, that's something most people don't want to do because IIS also creates additional folders, which are not required unless you're a developer.' Instead you can run Microsoft's newly released PowerShell script.
First ensure you're logged in as an Administrator, then you can follow Windows Latest's instructions: Most users are unlikely to go through this, which will leave them at risk. 'As per Microsoft, without the folder and its correct ACLs (Access Control Lists), you remain exposed to potential privilege escalation or unauthorized access.'


Forbes
27-04-2025
New Security Warning After 1 Billion Windows Users Told Do Not Delete
That mystery Windows security update could block new security updates. As if users of the world's most popular, although I use that term with some caution, operating system don't have enough security issues to worry about, Microsoft appears to have introduced one of its own making. With dangerous infostealer malware on the hunt for Windows passwords and 2FA code bypassing cookies and a record number of vulnerabilities reported, the last thing a billion Windows users want to hear is that an update meant to solve security issues could have introduced a new one of its own. As regular readers will know, I'm something of an advocate, almost evangelical in fact, when it comes to security updates. Whether it is the latest Google Chrome browser emergency update, or the monthly Patch Tuesday rollout of fixes, often relating to zero-day vulnerabilities that are actively being exploited, impacting Windows users, my advice is always the same: update now. Sometimes, however, the early bird that gets the worm discovers it's a rotten one. Who can forget the recent security update that killed Microsoft's Windows Hello security feature, for example. Or, even more recently, the disastrous April 8 update to protect against the CVE-2025-21204 vulnerability that installed a mysterious folder, and got everyone's collective conspiracy theory panties in a bunch. Microsoft had to issue a notice explaining that the folder was critical protection against being attacked by threat actors exploiting the vulnerability in question and, unlike the advice spreading across social media platforms, not to delete it under any circumstances. That folder was called inetpub and it's at the heart of this latest warning, from a highly respected security researcher who used to work for Microsoft itself. 'I've discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates,' the researcher, Kevin Beaumont, said.
I have reached out to Microsoft for a statement, but in the meantime this is some of the response that was sent to Beaumont after he contacted Microsoft about the issue: 'After careful investigation, this case is currently rated as a Moderate severity issue. It does not meet MSRCs current bar for immediate servicing as the update fails to apply only if the 'inetpub' folder is a junction to a file and succeeds upon deleting the inetpub symlink and retrying.' Microsoft told Beaumont that it had shared the report with the relevant Windows security team, which would consider a potential fix, but for now, the case was closed.


Forbes
25-04-2025
Microsoft's Update Mistake—Your Windows PC Is Now At Risk
An awkward new warning for Windows users heading into the weekend. Microsoft's confusing messaging on deleting or not deleting a mystery folder on your PC has suddenly taken a nasty turn. This could now leave you and your PC at risk. We're talking 'inetpub,' of course, the mysterious folder that turned up on PCs post the April update, and which at first was irrelevant and then critical and is now a threat. Per XDA-Developers, the ''inetpub' folder might be more dangerous than we thought… the inetpub folder in Windows 11 can pose a risk if weaponized by hackers. Non-admin users can easily stop Windows security updates using junction points. Attempting to block updates may lead to installation errors or rollbacks on Windows 11.' PC World was first to pick up the warning from cyber guru Kevin Beaumont, commenting that the 'crucial new 'inetpub' folder is laughably easy to hack… The initial impression was that this was a bug, as the folder was empty and apparently served no function. Microsoft later explained that the inetpub folder is important for Windows security because it was created to patch the CVE-2025-21204 vulnerability.' That's neatly ironic. 'In short, the folder [which] is there to bump up system security by preventing the vulnerability from being exploited' actually introduces a vulnerability. According to Beaumont, Microsoft's patch is for CVE-2025-21204, which 'allows users to abuse symlinks to elevate privileges using the Windows servicing stack and the c:\inetpub folder.' The fix is to add the c:\inetpub folder themselves, but the new problem is 'this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates.' If you're not keeping up with the 'inetpub' story so far, you're not alone.
Per Cybersecurity News, 'this isn't merely a temporary denial of service – it's a persistent issue that continues until someone manually resolves the junction or reinstalls the system… This could be easily scripted and deployed by malware or malicious actors seeking to keep systems vulnerable to other exploits.' Absent a fix — and Beaumont reported this to Microsoft a fortnight ago, 'system administrators are advised to monitor the system drive for unusual junction points.' Mayank Parmar from Windows Latest told me 'if someone without admin rights uses a trick (called a junction) to link this folder to a file — like Notepad — it can break future Windows updates. The system expects inetpub to be a folder, not a file, so the updates fail with an error code (0x800F081F). This glitch can be abused to block future updates, and Microsoft hasn't yet responded to the issue.' The advice remains not to delete the folder, but as XDA Developers says, 'the company told users not to delete it, as it's a part of a security patch titled CVE-2025-21204 and is harmless. However, deleting the folder won't kill your PC if Microsoft is to be believed.' According to Parmar, 'normally a junction is used to make one folder act like another. But here, a user can create a junction from C:\inetpub to a file (like Notepad). The system expects inetpub to be a folder. When it turns out to be a file, Windows updates fail with an error, blocking future updates.' All of which means 'no admin rights are needed, just this trick breaks the update process.' I have reached out to Microsoft for any further user guidance.
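For administrators acting on the advice above to monitor the system drive for unusual junction points, the following is an added example, not Microsoft's script and not code from any of the quoted articles. The function name Test-InetpubFolder is hypothetical; it reports whether %SystemDrive%\inetpub is a plain directory, missing, or a reparse point, then lists the other reparse points at the drive root.

```powershell
# Added example (not Microsoft's script). Test-InetpubFolder is a hypothetical name.
function Test-InetpubFolder {
    param([string]$Path = (Join-Path "$env:SystemDrive\" 'inetpub'))

    $report = [ordered]@{
        Path = $Path; State = 'Missing'; LinkType = $null; Target = $null; Owner = $null
    }
    # -Force returns hidden/system entries; a missing path yields $null.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $isReparse = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        $report.LinkType = $item.LinkType          # e.g. Junction or SymbolicLink
        $report.Target   = $item.Target -join '; ' # where the link points, if any
        if ($isReparse) {
            $report.State = 'ReparsePoint'         # the condition the articles describe
        } elseif (-not $item.PSIsContainer) {
            $report.State = 'NotADirectory'
        } else {
            $report.State = 'Directory'
            $report.Owner = (Get-Acl -LiteralPath $Path).Owner
        }
    }
    [pscustomobject]$report
}

$check = Test-InetpubFolder
$check | Format-List
if ($check.State -ne 'Directory') {
    Write-Warning "$($check.Path) is '$($check.State)'; review before the next update run."
}

# Reparse points in the root of the system drive. A stock install already has
# some (for example "Documents and Settings"), so compare against a known baseline.
Get-ChildItem -LiteralPath "$env:SystemDrive\" -Force -Attributes ReparsePoint |
    Select-Object Name, LinkType, Target
```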


Forbes
15-04-2025
Microsoft Warns Millions Of Windows Users—Do Not Update Your PC
New warning for Windows users. Microsoft is having a moment. April's updates have caused as many problems as they've resolved, at least from a user perspective. Mysterious folders have appeared on PCs along with dire warnings. And now a new error pushes users to redo an update. But Microsoft has now warned that is not the case — no new update is required. The common theme is that Microsoft is warning users they must do nothing. As I reported last week, the first and most innocuous of these issues is the empty 'inetpub' folder that appeared on devices post April's update. As tempting as it might be to delete this folder, don't. Per Windows Latest, 'you're not supposed to remove the folder… That's because it's linked to a security patch for a bug titled CVE-2025-21204, which is a flaw that allows attackers to modify the system files or folders.' Now we have another do nothing warning. Neowin reports that 'sometimes, dealing with Windows Update issues is much simpler. As simple as just ignoring the error. In recently updated documentation, Microsoft notified users that Windows PCs might experience error 0x80070643 with an "ERROR_INSTALL_FAILURE" message when attempting to install an update for the Windows Recovery Environment or WinRE.' This hits when installing the April 2025 KB5057589 WinRE update and makes it seem as though the update has failed and needs a redo. That's not the case. Microsoft says that 'this error is observed when the device installs the WinRE update when there is another update in a pending reboot state. Although the error message suggests the update did not complete, the WinRE update is typically applied successfully after the device restarts. Windows Update might continue to display the update as failed until the next daily scan, at which point the update is no longer offered and the failure message is cleared automatically.' 
Windows Latest explains that 'many users couldn't install the update because of the partition size for the Recovery disk, which caused the error. But the catch is that the error affected even those who do not have low storage. And that's where things got trickier because nobody could go past the error message.' But according to Microsoft, 'WinRE update is 'typically applied successfully' despite the failure message.' All of which means once you have applied the April updates, do not update again regardless of the error messages you're seeing, at least until you have restarted to see if that clears the issue. And don't delete that 'inetpub' security folder either. There's a chance the erroneous WinRE error might be a little persistent. But again, says Windows Latest, 'just ignore… Microsoft has officially recommended users to ignore the errors.' Or to put it even more starkly: 'If you run into Windows Update error code 0x80070643, don't try to fix it because you can't do that.' Microsoft also adds its usual reminder that 'on October 14, 2025, Windows 10 will reach end of support. After this date, devices running Windows 10 will no longer receive fixes for known issues, time zone updates, technical support, or monthly security and preview updates containing protection from the latest security threats.' That's the much bigger issue, and does require you to update your Windows 10 PC.


Forbes
13-04-2025
Microsoft's New Windows Update — 1 Billion Users Warned: Do Not Delete
Do not delete this Windows update folder, Microsoft warns. Windows users have a lot on their collective plate when it comes to matters of security, that's for sure. There's the zero-day vulnerability that wants to steal your Windows passwords, hackers bypassing Windows Defender security protections, and then there's Microsoft's own decisions to deal with. The deletion of VPN provision for Windows Defender users and, much more seriously, the deletion of security support for Windows 10 users. As an aside, you can still get Windows 11 for free, if you are quick. The latest and somewhat confusing situation of Microsoft's making has come about as Windows users noticed a mysterious new folder after the most recent security update. A folder with no explanation and one which, now, Microsoft has warned a billion Windows users they must not delete. As part of the April 8 Patch Tuesday security updates, Microsoft included a fix for CVE-2025-21204. This vulnerability in the critical Windows Update Stack, which is responsible for the management of Windows updates, no less, could lead to an attacker elevating privileges locally. Something that the experts at described as posing 'a significant risk to organizations, as the compromised systems could allow attackers to execute unauthorized actions, potentially undermining the integrity and security of sensitive information and system operations.' I won't bore you with the technicalities of link resolution process manipulation that could enable hackers to access files and execute commands; just know it's pretty darn serious. Which is why Microsoft fixed it, and that's a good thing. The way that Microsoft fixed it, however, is not so good. A lack of transparency is a particular bugbear of mine when it comes to anything security-related, and this vulnerability patch is no exception.
The problem is that Microsoft created a new and empty folder with the security update, the appearance of which led to a totally understandable debate in tech forums and on Reddit as well as other social media platforms. What was this 'inetpub' folder, how did it get there, is it dangerous, is Microsoft using it to collect data, and should I delete it? According to a new Microsoft security advisory update, the answer to the last of these questions is a resounding no. Windows users must not delete the inetpub folder, Microsoft warned. An April 10 update to Microsoft's security advisory concerning CVE-2025-21204, entitled 'Windows Process Activation Elevation of Privilege Vulnerability,' confirmed that 'after installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device.' Microsoft went on to say that the folder installation was 'part of changes that increase protection' but failed to explain precisely how. What I do know is that the inetpub folder itself usually comes as part of the Internet Information Services web server platform, enabled using Windows Features, but this update has dropped it whether the user has IIS installed or not. More transparency is required, methinks, although not at the expense of tipping off potential attackers as to how the mitigation works, of course. What I can say, however, is that as a security wonk, I strongly urge all Windows users to follow Microsoft's advice: 'This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.'