Microsoft’s ‘inetpub’ directory allows hackers to disable Windows updates permanently on PCs

Microsoft’s ‘inetpub’ directory allows hackers to disable Windows updates permanently on PCs

The Mysterious Inetpub Folder: A Double-Edged Sword in Windows Security

Recently, an intriguing discovery regarding the “inetpub”folder has raised concerns among Windows users. While many found that deleting this folder didn’t result in any immediate adverse effects, Microsoft has strongly advised against this action.

Understanding the Inetpub Folder

Microsoft clarified that the inetpub folder came into existence following the resolution of a critical security flaw related to symlink escalation of privilege, identified as CVE-2025-21204, which was addressed in the April 2025 Patch Tuesday updates for Windows 10 and Windows 11.

What Are Symlinks?

Symlinks, or symbolic links, serve as references to other files or directories within a filesystem. They point to specific paths, enabling quick access to related content. Although these links enhance navigation and organization, they also present a potential vulnerability since malicious actors can exploit them without needing elevated privileges.

A New Security Concern

Despite the patch aimed at addressing the vulnerabilities associated with symlinks, security researcher Kevin Beaumont has uncovered another troubling flaw. The inetpub folder, which was created as a part of the fix, inadvertently provides a pathway for non-administrator users to hinder Windows updates by crafting a new symlink.

Explaining the Exploit

In his analysis, Beaumont notes:

Microsoft recently patched CVE-2025–21204, a vuln which allows users to abuse symlinks to elevate privileges using the Windows servicing stack and the c:\inetpub folder.

To fix this, Microsoft precreates the c:\inetpub folder on all Windows systems from April 2025’s Windows OS updates onwards.

However, I’ve discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates.

So a non-admin user can just do Windows+R, cmd, and then run:

mklink /j c:\inetpub c:\windows\system32\notepad.exe

This creates a symlink between c:\inetpub and notepad. After that point, April 2025 Windows OS update (and future updates, unless Microsoft fix it) fail to ever install — they error out and/or roll back. So you just go without security updates.

What’s Next for Microsoft?

Beaumont has attempted to engage with the Microsoft Security Response Center (MSRC) regarding this issue, though he has yet to receive a response. It’s likely that Microsoft is already aware of this new vulnerability and may work on a subsequent patch to address it. Updates will be provided as information becomes available.

For more detailed insights and to stay informed, you can check the original report here.

Related Articles:

Clair Obscur Expedition 33: Comprehensive Moon Build Guide
Step-by-Step Guide to Adding Copilot New Tab in Microsoft Edge Browser

Leave a Reply

Your email address will not be published. Required fields are marked *