27-04-2025
New Security Warning After 1 Billion Windows Users Told Do Not Delete
That mystery Windows security update could block new security updates.
As if users of the world's most popular, although I use that term with some caution, operating system don't have enough security issues to worry about, Microsoft appears to have introduced one of its own making. With dangerous infostealer malware on the hunt for Windows passwords and 2FA code-bypassing cookies, and a record number of vulnerabilities reported, the last thing a billion Windows users want to hear is that an update meant to solve security issues could have introduced a new one of its own.
As regular readers will know, I'm something of an advocate, almost evangelical in fact, when it comes to security updates. Whether it is the latest Google Chrome browser emergency update, or the monthly Patch Tuesday rollout of fixes, often relating to zero-day vulnerabilities that are actively being exploited, impacting Windows users, my advice is always the same: update now. Sometimes, however, the early bird that gets the worm discovers it's a rotten one. Who can forget the recent security update that killed Microsoft's Windows Hello security feature, for example? Or, even more recently, the disastrous April 8 update to protect against the CVE-2025-21204 vulnerability that installed a mysterious folder, and got everyone's collective conspiracy theory panties in a bunch.
Microsoft had to issue a notice explaining that the folder was critical protection against being attacked by threat actors exploiting the vulnerability in question and, unlike the advice spreading across social media platforms, not to delete it under any circumstances. That folder was called inetpub and it's at the heart of this latest warning, from a highly respected security researcher who used to work for Microsoft itself.
'I've discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates,' the researcher, Kevin Beaumont, said.
I have reached out to Microsoft for a statement, but in the meantime this is some of the response that was sent to Beaumont after he contacted Microsoft about the issue: 'After careful investigation, this case is currently rated as a Moderate severity issue. It does not meet MSRC's current bar for immediate servicing as the update fails to apply only if the "inetpub" folder is a junction to a file and succeeds upon deleting the inetpub symlink and retrying.'
Microsoft told Beaumont that it had shared the report with the relevant Windows security team, which would consider a potential fix, but for now, the case was closed.
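For administrators who want to know whether a machine is in the state the MSRC reply describes, with inetpub present as a junction or symlink rather than a real directory, a read-only PowerShell check is enough. This is an added example, not code from Microsoft or from Beaumont; the function name Test-InetpubFolder is hypothetical, and the folder's location at the root of the system drive is an assumption.

```powershell
# Added example. Test-InetpubFolder is a hypothetical helper name,
# not a Microsoft cmdlet. Read-only: it changes nothing on disk.
function Test-InetpubFolder {
    param(
        # Assumption: the folder sits at the root of the system drive.
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )
    $r = [ordered]@{
        Path     = $Path
        State    = 'Missing'
        LinkType = $null
        Target   = $null
        Owner    = $null
    }
    # -Force also returns hidden or system items; a missing path gives $null.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            # Junction or symbolic link: the case the MSRC reply describes.
            $r.State    = 'ReparsePoint'
            $r.LinkType = $item.LinkType
            $r.Target   = $item.Target -join '; '
        } elseif ($item.PSIsContainer) {
            $r.State = 'Directory'
        } else {
            $r.State = 'File'
        }
        # Owner helps triage who created the item; it may be unreadable.
        try { $r.Owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
        catch { $r.Owner = 'unreadable' }
    }
    [pscustomobject]$r
}

$check = Test-InetpubFolder
$check | Format-List
switch ($check.State) {
    'Directory'    { 'OK: inetpub is a real directory. Leave it in place.' }
    'Missing'      { 'WARN: inetpub is absent; Microsoft says not to delete it.' }
    'File'         { 'WARN: inetpub is a file, not a directory.' }
    'ReparsePoint' { 'ALERT: inetpub is a junction or symlink. Per the MSRC reply, the update fails when it is a junction to a file and succeeds after the link is deleted and the update retried.' }
}
```

The Owner and Target fields are there for triage: on a shared machine they show which account created the link and where it points before anyone removes it.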